82323c7270
chore(deps): update module golang.org/x/net to v0.55.0 [security] ( #1001 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [golang.org/x/net](https://pkg.go.dev/golang.org/x/net ) | [`v0.54.0` → `v0.55.0`](https://cs.opensource.google/go/x/net/+/refs/tags/v0.54.0...refs/tags/v0.55.0 ) |  |  |
---
### Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html
[CVE-2026-42506](https://nvd.nist.gov/vuln/detail/CVE-2026-42506 ) / [GO-2026-5025](https://pkg.go.dev/vuln/GO-2026-5025 )
<details>
<summary>More information</summary>
#### Details
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
#### Severity
Unknown
#### References
- [https://go.dev/issue/79571 ](https://go.dev/issue/79571 )
- [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 ](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 )
- [https://go.dev/cl/781700 ](https://go.dev/cl/781700 )
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5025 ) and the [Go Vulnerability Database](https://github.com/golang/vulndb ) ([CC-BY 4.0](https://github.com/golang/vulndb#license )).
</details>
---
### Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna
[CVE-2026-39821](https://nvd.nist.gov/vuln/detail/CVE-2026-39821 ) / [GO-2026-5026](https://pkg.go.dev/vuln/GO-2026-5026 )
<details>
<summary>More information</summary>
#### Details
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error.
This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".
#### Severity
Unknown
#### References
- [https://go.dev/cl/767220 ](https://go.dev/cl/767220 )
- [https://go.dev/issue/78760 ](https://go.dev/issue/78760 )
- [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 ](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 )
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5026 ) and the [Go Vulnerability Database](https://github.com/golang/vulndb ) ([CC-BY 4.0](https://github.com/golang/vulndb#license )).
</details>
---
### Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html
[CVE-2026-42502](https://nvd.nist.gov/vuln/detail/CVE-2026-42502 ) / [GO-2026-5027](https://pkg.go.dev/vuln/GO-2026-5027 )
<details>
<summary>More information</summary>
#### Details
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
#### Severity
Unknown
#### References
- [https://go.dev/issue/79572 ](https://go.dev/issue/79572 )
- [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 ](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 )
- [https://go.dev/cl/781701 ](https://go.dev/cl/781701 )
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5027 ) and the [Go Vulnerability Database](https://github.com/golang/vulndb ) ([CC-BY 4.0](https://github.com/golang/vulndb#license )).
</details>
---
### Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html
[CVE-2026-25680](https://nvd.nist.gov/vuln/detail/CVE-2026-25680 ) / [GO-2026-5028](https://pkg.go.dev/vuln/GO-2026-5028 )
<details>
<summary>More information</summary>
#### Details
Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service.
#### Severity
Unknown
#### References
- [https://go.dev/cl/781702 ](https://go.dev/cl/781702 )
- [https://go.dev/issue/79573 ](https://go.dev/issue/79573 )
- [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 ](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 )
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5028 ) and the [Go Vulnerability Database](https://github.com/golang/vulndb ) ([CC-BY 4.0](https://github.com/golang/vulndb#license )).
</details>
---
### Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html
[CVE-2026-25681](https://nvd.nist.gov/vuln/detail/CVE-2026-25681 ) / [GO-2026-5029](https://pkg.go.dev/vuln/GO-2026-5029 )
<details>
<summary>More information</summary>
#### Details
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
#### Severity
Unknown
#### References
- [https://go.dev/issue/79574 ](https://go.dev/issue/79574 )
- [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 ](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 )
- [https://go.dev/cl/781703 ](https://go.dev/cl/781703 )
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5029 ) and the [Go Vulnerability Database](https://github.com/golang/vulndb ) ([CC-BY 4.0](https://github.com/golang/vulndb#license )).
</details>
---
### Invoking duplicate attributes can cause XSS in golang.org/x/net/html
[CVE-2026-27136](https://nvd.nist.gov/vuln/detail/CVE-2026-27136 ) / [GO-2026-5030](https://pkg.go.dev/vuln/GO-2026-5030 )
<details>
<summary>More information</summary>
#### Details
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering.
#### Severity
Unknown
#### References
- [https://go.dev/issue/79575 ](https://go.dev/issue/79575 )
- [https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 ](https://groups.google.com/g/golang-announce/c/iI-mYSI0lu8 )
- [https://go.dev/cl/781685 ](https://go.dev/cl/781685 )
This data is provided by [OSV](https://osv.dev/vulnerability/GO-2026-5030 ) and the [Go Vulnerability Database](https://github.com/golang/vulndb ) ([CC-BY 4.0](https://github.com/golang/vulndb#license )).
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- ""
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTEuMiIsInVwZGF0ZWRJblZlciI6IjQzLjE5MS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Reviewed-on: https://gitea.com/gitea/tea/pulls/1001
Reviewed-by: silverwind <2021+silverwind@noreply.gitea.com >
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-22 20:51:54 +00:00
861201541d
fix(deps): update module golang.org/x/sys to v0.45.0 ( #1000 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [golang.org/x/sys](https://pkg.go.dev/golang.org/x/sys ) | [`v0.44.0` → `v0.45.0`](https://cs.opensource.google/go/x/sys/+/refs/tags/v0.44.0...refs/tags/v0.45.0 ) |  |  |
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xOTAuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE5MC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Reviewed-on: https://gitea.com/gitea/tea/pulls/1000
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-22 07:35:59 +00:00
ef0dc62dd6
fix(deps): update module github.com/go-git/go-git/v5 to v5.19.1 ( #996 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) | `v5.19.0` → `v5.19.1` |  |  |
---
### Release Notes
<details>
<summary>go-git/go-git (github.com/go-git/go-git/v5)</summary>
### [`v5.19.1`](https://github.com/go-git/go-git/releases/tag/v5.19.1 )
[Compare Source](https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1 )
#### What's Changed
- v5: plumbing: transport/ssh, Shell-quote path by [@​hiddeco](https://github.com/hiddeco ) in [#​2068](https://github.com/go-git/go-git/pull/2068 )
- v5: git: submodule, Fix relative URL resolution by [@​hiddeco](https://github.com/hiddeco ) in [#​2070](https://github.com/go-git/go-git/pull/2070 )
- v5: git: submodule, canonical remote for relative URLs by [@​hiddeco](https://github.com/hiddeco ) in [#​2074](https://github.com/go-git/go-git/pull/2074 )
- v5: git: submodule, error on remote without URLs by [@​hiddeco](https://github.com/hiddeco ) in [#​2078](https://github.com/go-git/go-git/pull/2078 )
- v5: plumbing: format/idxfile, Validate offset64 indices by [@​hiddeco](https://github.com/hiddeco ) in [#​2084](https://github.com/go-git/go-git/pull/2084 )
- v5: \*: Reject malformed variable-length integers by [@​hiddeco](https://github.com/hiddeco ) in [#​2092](https://github.com/go-git/go-git/pull/2092 )
- v5: plumbing: format/packfile, Tighten delta validation by [@​hiddeco](https://github.com/hiddeco ) in [#​2091](https://github.com/go-git/go-git/pull/2091 )
- v5: Add `worktreeFilesystem` wrapper for worktree and hardening by [@​hiddeco](https://github.com/hiddeco ) in [#​2100](https://github.com/go-git/go-git/pull/2100 )
- v5: config: validate submodule names by [@​hiddeco](https://github.com/hiddeco ) in [#​2082](https://github.com/go-git/go-git/pull/2082 )
- build: Update module github.com/go-git/go-git/v5 to v5.19.0 \[SECURITY] (releases/v5.x) by [@​go-git-renovate](https://github.com/go-git-renovate )\[bot] in [#​2111](https://github.com/go-git/go-git/pull/2111 )
- v5: git: Allow MkdirAll on worktree-root paths by [@​hiddeco](https://github.com/hiddeco ) in [#​2117](https://github.com/go-git/go-git/pull/2117 )
- v5: git: Stop validating symlink target paths by [@​pjbgf](https://github.com/pjbgf ) in [#​2116](https://github.com/go-git/go-git/pull/2116 )
- v5: plumbing: format decoder input bounds and contracts by [@​hiddeco](https://github.com/hiddeco ) in [#​2125](https://github.com/go-git/go-git/pull/2125 )
- plumbing: format/packfile, cap delta chain depth in parser by [@​pjbgf](https://github.com/pjbgf ) in [#​2137](https://github.com/go-git/go-git/pull/2137 )
**Full Changelog**: <https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1 >
</details>
---
This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xODIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjE4Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Reviewed-on: https://gitea.com/gitea/tea/pulls/996
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-19 04:53:00 +00:00
6134351048
bump go deps
2026-05-14 12:01:28 -04:00
8be4dae66e
fix(deps): update module github.com/go-authgate/sdk-go to v0.11.0 ( #988 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/988
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-14 16:00:02 +00:00
b8dcb8a442
fix(deps): update module golang.org/x/term to v0.43.0 ( #989 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/989
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-14 15:59:53 +00:00
01632d927e
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.1 ( #991 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/991
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-14 15:59:44 +00:00
2cc45f1cce
fix(deps): update github.com/urfave/cli to v3.9.0 ( #993 )
...
Fix https://gitea.com/gitea/tea/issues/975
Reviewed-on: https://gitea.com/gitea/tea/pulls/993
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Minjie Fang <wingsallen@gmail.com >
Co-committed-by: Minjie Fang <wingsallen@gmail.com >
2026-05-14 05:15:33 +00:00
19dd8b1b4b
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 ( #984 )
...
Bumping gitea SDK to version v0.25.0
Currently there is an issue when users try to use SSH to authenticate to a gitea server. The issue is already reported here #983
The problem was that `*gitea.HTTPSign` embeds `ssh.Signer` (not `ssh.AlgorithmSigner`).
`httpsig v1.2.4` type-asserts the signer to `ssh.AlgorithmSigner` for RSA keys and panics because `*HTTPSign` doesn't expose `SignWithAlgorithm`.
Fix: SDK v0.25.0 adds `SignWithAlgorithm` to `HTTPSign`, satisfying `ssh.AlgorithmSigner`.
Reviewed-on: https://gitea.com/gitea/tea/pulls/984
Reviewed-by: techknowlogick <9+techknowlogick@noreply.gitea.com >
Co-authored-by: Carlos Grillet <carlosbeta5000@gmail.com >
Co-committed-by: Carlos Grillet <carlosbeta5000@gmail.com >
2026-05-07 17:29:39 +00:00
e686e8d0bd
fix(deps): update module github.com/go-authgate/sdk-go to v0.10.0 ( #976 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go ) | `v0.9.0` → `v0.10.0` |  |  |
---
### Release Notes
<details>
<summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary>
### [`v0.10.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.10.0 )
[Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.9.0...v0.10.0 )
#### Changelog
##### Others
- [`5b43693`](https://github.com/go-authgate/sdk-go/commit/5b436935ca0c587301754ee8e43dc04329b34623 ): feat(jwksauth)!: align with upstream JWT\_PRIVATE\_CLAIM\_PREFIX ([#​27](https://github.com/go-authgate/sdk-go/issues/27 )) ([@​appleboy](https://github.com/appleboy ))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNjAuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE2MC42IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
Reviewed-on: https://gitea.com/gitea/tea/pulls/976
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-04 02:06:58 +00:00
1f6fd97fc1
fix(deps): update module github.com/go-authgate/sdk-go to v0.9.0 ( #974 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go ) | `v0.8.0` → `v0.9.0` |  |  |
---
### Release Notes
<details>
<summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary>
### [`v0.9.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.9.0 )
[Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.8.0...v0.9.0 )
#### Changelog
##### Documentation updates
- [`86d33f3`](https://github.com/go-authgate/sdk-go/commit/86d33f315c3eddfe92f37e4d8b3ac30afbc0ef72 ): docs(jwksauth): tighten readme table column widths ([@​appleboy](https://github.com/appleboy ))
##### Others
- [`545d96f`](https://github.com/go-authgate/sdk-go/commit/545d96fd43d8a6e6bc76a3c6b28683ffa3eace06 ): refactor(jwksauth)!: rename Tenant to Domain and add Tenant sub-claim ([#​25](https://github.com/go-authgate/sdk-go/issues/25 )) ([@​appleboy](https://github.com/appleboy ))
- [`1e73580`](https://github.com/go-authgate/sdk-go/commit/1e73580c87f2be874101c4ccc02f3dd1ceb17c53 ): feat(jwksauth)!: adopt slog-style Logger interface ([#​24](https://github.com/go-authgate/sdk-go/issues/24 )) ([@​appleboy](https://github.com/appleboy ))
- [`7af1bc4`](https://github.com/go-authgate/sdk-go/commit/7af1bc463714a2c4e6aea1741c87b20fdbba21ce ): test(jwksauth): fix stale Tenant references in policy reject test ([#​26](https://github.com/go-authgate/sdk-go/issues/26 )) ([@​appleboy](https://github.com/appleboy ))
</details>
---
Reviewed-on: https://gitea.com/gitea/tea/pulls/974
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-02 02:04:23 +00:00
27e6083e23
fix(deps): update module github.com/go-authgate/sdk-go to v0.8.0 ( #972 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [github.com/go-authgate/sdk-go](https://github.com/go-authgate/sdk-go ) | `v0.7.0` → `v0.8.0` |  |  |
---
### Release Notes
<details>
<summary>go-authgate/sdk-go (github.com/go-authgate/sdk-go)</summary>
### [`v0.8.0`](https://github.com/go-authgate/sdk-go/releases/tag/v0.8.0 )
[Compare Source](https://github.com/go-authgate/sdk-go/compare/v0.7.0...v0.8.0 )
#### Changelog
##### Refactor
- [`62ccff0`](https://github.com/go-authgate/sdk-go/commit/62ccff06c837abe9c9cd6d8411525e3d25344cf1 ): refactor(jwksauth): share OIDC discovery and drop tenant cache ([#​23](https://github.com/go-authgate/sdk-go/issues/23 )) ([@​appleboy](https://github.com/appleboy ))
- [`088ee3b`](https://github.com/go-authgate/sdk-go/commit/088ee3bd2d5f891c03d27212a6ed5283b1434282 ): refactor(sdk): harden HTTP reads and improve code quality ([#​18](https://github.com/go-authgate/sdk-go/issues/18 )) ([@​appleboy](https://github.com/appleboy ))
- [`aa17bc2`](https://github.com/go-authgate/sdk-go/commit/aa17bc2373b675b0f0882672706c66a0f523b05f ): refactor: simplify oauth client and token source flows ([#​22](https://github.com/go-authgate/sdk-go/issues/22 )) ([@​appleboy](https://github.com/appleboy ))
</details>
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-on: https://gitea.com/gitea/tea/pulls/972
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-05-01 23:16:49 +00:00
b100d4c939
fix(deps): update module github.com/go-authgate/sdk-go to v0.7.0 ( #970 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/970
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-04-29 03:28:15 +00:00
d0b7ea09e8
fix(deps): update module charm.land/lipgloss/v2 to v2.0.3 ( #959 )
...
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/ ) | [Confidence](https://docs.renovatebot.com/merge-confidence/ ) |
|---|---|---|---|
| [charm.land/lipgloss/v2](https://github.com/charmbracelet/lipgloss ) | `v2.0.2` → `v2.0.3` |  |  |
---
### Release Notes
<details>
<summary>charmbracelet/lipgloss (charm.land/lipgloss/v2)</summary>
### [`v2.0.3`](https://github.com/charmbracelet/lipgloss/releases/tag/v2.0.3 )
[Compare Source](https://github.com/charmbracelet/lipgloss/compare/v2.0.2...v2.0.3 )
#### Changelog
##### Fixed
- [`472d718`](https://github.com/charmbracelet/lipgloss/commit/472d718e2314596549bee2c0c8ccf8beea5f25ae ): fix: Avoid background color query hang ([#​636](https://github.com/charmbracelet/lipgloss/issues/636 )) ([@​jedevc](https://github.com/jedevc ))
##### Docs
- [`9e39a0a`](https://github.com/charmbracelet/lipgloss/commit/9e39a0ad4f4fc779d620f17783cee3494da6ae29 ): docs: fix README typo ([#​629](https://github.com/charmbracelet/lipgloss/issues/629 )) ([@​Rohan5commit](https://github.com/Rohan5commit ))
- [`cd93a9f`](https://github.com/charmbracelet/lipgloss/commit/cd93a9f5d2e3cb151da83150db29751d92585d23 ): docs: fix tree comment typo ([#​634](https://github.com/charmbracelet/lipgloss/issues/634 )) ([@​Rohan5commit](https://github.com/Rohan5commit ))
***
<a href="https://charm.land/ "><img alt="The Charm logo" src="https://stuff.charm.sh/charm-banner-next.jpg " width="400"></a>
Thoughts? Questions? We love hearing from you. Feel free to reach out on [X](https://x.com/charmcli ), [Discord](https://charm.land/discord ), [Slack](https://charm.land/slack ), [The Fediverse](https://mastodon.social/@​charmcli ), [Bluesky](https://bsky.app/profile/charm.land ).
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMTEuMCIsInVwZGF0ZWRJblZlciI6IjQzLjExMS4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com >
Reviewed-on: https://gitea.com/gitea/tea/pulls/959
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-04-20 19:34:25 +00:00
20914a1375
fix(deps): update module github.com/go-git/go-git/v5 to v5.18.0 ( #961 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/961
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-04-20 01:11:50 +00:00
84ecd16f9c
fix(deps): update Go dependencies to latest versions ( #955 )
...
## Summary
- Upgrade all Go module dependencies to their latest versions
- Includes updates to charm.land, golang.org/x, goldmark, go-crypto, and other indirect dependencies
- Project builds cleanly with all updates
## Test plan
- [x] `go build ./...` passes
- [x] CI pipeline passes
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Reviewed-on: https://gitea.com/gitea/tea/pulls/955
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com >
Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com >
2026-04-10 01:40:40 +00:00
0489d8c275
fix(deps): update module golang.org/x/sys to v0.43.0 ( #951 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/951
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-04-09 14:16:37 +00:00
366069315f
fix(deps): update module github.com/go-git/go-git/v5 to v5.17.2 ( #943 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/943
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-04-01 18:14:14 +00:00
1e13681663
fix(deps): update module github.com/go-git/go-git/v5 to v5.17.1 ( #942 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/942
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-03-30 07:00:31 +00:00
bfbec3fc00
fix(deps): update module code.gitea.io/sdk/gitea to v0.24.1 ( #936 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/936
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-03-27 06:04:29 +00:00
e31a167e54
fix(deps): update module github.com/go-authgate/sdk-go to v0.6.1 ( #935 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/935
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-03-27 03:47:06 +00:00
6a7c3e4efa
fix(deps): update module github.com/urfave/cli/v3 to v3.8.0 ( #937 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/937
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-03-27 03:46:50 +00:00
9a462247bd
fix(deps): update module github.com/olekukonko/tablewriter to v1.1.4 ( #933 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/933
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-03-13 00:18:26 +00:00
ec658cfc33
chore(deps): update Go dependencies and CI workflow action versions ( #932 )
...
## Summary
- Run `go get -u ./...` and `go mod tidy` to update all Go dependencies
- Update CI workflow action versions:
- `crazy-max/ghaction-import-gpg`: v6 → v7
- `goreleaser/goreleaser-action`: v6 → v7
- `docker/setup-qemu-action`: v3 → v4
- `docker/setup-buildx-action`: v3 → v4
- `docker/login-action`: v3 → v4
- `docker/build-push-action`: v6 → v7
## Notable Go dependency updates
- `github.com/urfave/cli/v3`: v3.6.2 → v3.7.0
- `github.com/ProtonMail/go-crypto`: v1.3.0 → v1.4.0
- `charm.land/huh/v2`: v2.0.1 → v2.0.3
- `golang.org/x/crypto`: v0.48.0 → v0.49.0
- `golang.org/x/net`: v0.49.0 → v0.52.0
Reviewed-on: https://gitea.com/gitea/tea/pulls/932
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com >
Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com >
2026-03-12 05:28:47 +00:00
302c946cb8
feat: store OAuth tokens in OS keyring via credstore ( #926 )
...
## Summary
- Introduce `github.com/go-authgate/sdk-go/credstore` to store OAuth tokens securely in the OS keyring (macOS Keychain / Linux Secret Service / Windows Credential Manager), with automatic fallback to an encrypted JSON file
- Add `AuthMethod` field to `Login` struct; new OAuth logins are marked `auth_method: oauth` and no longer write `token`/`refresh_token`/`token_expiry` to `config.yml`
- Add `GetAccessToken()` / `GetRefreshToken()` / `GetTokenExpiry()` accessors that transparently read from credstore for OAuth logins, with fallback to YAML fields for legacy logins
- Update all token reference sites across the codebase to use the new accessors
- Non-OAuth logins (token, SSH) are completely unaffected; no migration of existing tokens
## Key files
| File | Role |
|------|------|
| `modules/config/credstore.go` | **New** — credstore wrapper (Load/Save/Delete) |
| `modules/config/login.go` | Login struct, token accessors, refresh logic |
| `modules/auth/oauth.go` | OAuth flow, token creation / re-authentication |
| `modules/api/client.go`, `cmd/login/helper.go`, `cmd/login/oauth_refresh.go` | Token reference updates |
| `modules/task/pull_*.go`, `modules/task/repo_clone.go` | Git operation token reference updates |
## Test plan
- [x] `go build ./...` compiles successfully
- [x] `go test ./...` all tests pass
- [x] `tea login add --oauth` completes OAuth flow; verify config.yml has `auth_method: oauth` but no token/refresh_token/token_expiry
- [x] `tea repos ls` API calls work (token read from credstore)
- [x] `tea login delete <name>` credstore token is also removed
- [x] Existing non-OAuth logins continue to work unchanged
🤖 Generated with [Claude Code](https://claude.com/claude-code )
Reviewed-on: https://gitea.com/gitea/tea/pulls/926
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com >
Co-committed-by: Bo-Yi Wu <appleboy.tw@gmail.com >
2026-03-12 02:49:14 +00:00
c797624fcf
Update to charm libraries v2 ( #923 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/923
Reviewed-by: techknowlogick <9+techknowlogick@noreply.gitea.com >
Co-authored-by: Michal Suchanek <msuchanek@suse.de >
Co-committed-by: Michal Suchanek <msuchanek@suse.de >
2026-03-09 16:36:00 +00:00
3372c9ec59
fix(deps): update module golang.org/x/oauth2 to v0.36.0 ( #919 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/919
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-03-09 16:19:28 +00:00
1ac8492ac7
go 1.26
2026-03-09 15:57:54 +00:00
d019f0dd72
fix(deps): update module github.com/go-git/go-git/v5 to v5.17.0 ( #910 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/910
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-26 17:59:28 +00:00
dfd400f15b
Fix termenv OSC RGBA handling ( #907 )
...
Fixes : #889
Reviewed-on: https://gitea.com/gitea/tea/pulls/907
Reviewed-by: techknowlogick <techknowlogick@noreply.gitea.com >
Co-authored-by: Michal Suchanek <msuchanek@suse.de >
Co-committed-by: Michal Suchanek <msuchanek@suse.de >
2026-02-12 16:16:53 +00:00
ea795775af
fix(deps): update module golang.org/x/crypto to v0.48.0 ( #905 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/905
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-10 00:43:00 +00:00
1093ef1524
fix(deps): update module github.com/go-git/go-git/v5 to v5.16.5 ( #904 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/904
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-10 00:42:45 +00:00
873a44f897
fix(deps): update module golang.org/x/sys to v0.41.0 ( #901 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/901
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-09 05:22:44 +00:00
47f74ea696
fix(deps): update module golang.org/x/oauth2 to v0.35.0 ( #900 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/900
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-09 04:56:34 +00:00
49a9032d8a
Move versions/filelocker into dedicated subpackages, and consistent headers in http requests ( #888 )
...
- move filelocker logic into dedicated subpackage
- consistent useragent in requests
Reviewed-on: https://gitea.com/gitea/tea/pulls/888
Co-authored-by: techknowlogick <techknowlogick@gitea.com >
Co-committed-by: techknowlogick <techknowlogick@gitea.com >
2026-02-05 18:05:43 +00:00
29488a1f46
build w/ go1.25 ( #886 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/886
Co-authored-by: techknowlogick <techknowlogick@gitea.com >
Co-committed-by: techknowlogick <techknowlogick@gitea.com >
2026-02-04 19:27:25 +00:00
037d1aad23
fix(deps): update module github.com/charmbracelet/lipgloss to v2 ( #885 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/885
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-04 00:56:04 +00:00
ae9eb4f2c0
Add locking to ensure safe concurrent access to config file ( #881 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/881
Co-authored-by: techknowlogick <techknowlogick@gitea.com >
Co-committed-by: techknowlogick <techknowlogick@gitea.com >
2026-02-03 23:48:18 +00:00
864face284
fix(deps): update module golang.org/x/oauth2 to v0.34.0 ( #878 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/878
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-03 01:06:03 +00:00
383c5fdc03
fix(deps): update module github.com/urfave/cli/v3 to v3.6.2 ( #876 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/876
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-03 01:00:21 +00:00
7801310a18
fix(deps): update module github.com/olekukonko/tablewriter to v1.1.3 ( #875 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/875
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2026-02-03 01:00:03 +00:00
ae740a66e8
update sdk version ( #868 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/868
Co-authored-by: techknowlogick <techknowlogick@gitea.com >
Co-committed-by: techknowlogick <techknowlogick@gitea.com >
2026-02-02 19:54:44 +00:00
587b31503d
Upgrade dependencies ( #849 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/849
2025-11-24 19:21:55 +00:00
45771265c4
update gitea sdk to v0.22 ( #813 )
...
needed because of: https://gitea.com/gitea/go-sdk/commit/25b5fb0ff757f95731b5f3240153a4da59cf6c68
closes: https://gitea.com/gitea/tea/issues/812
Reviewed-on: https://gitea.com/gitea/tea/pulls/813
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com >
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com >
2025-09-10 23:18:05 +00:00
d531c6fdb0
update go.mod to retract the wrong tag v1.3.3 ( #802 )
...
Fix #674
Reviewed-on: https://gitea.com/gitea/tea/pulls/802
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-committed-by: Lunny Xiao <xiaolunwen@gmail.com >
2025-08-27 15:38:58 +00:00
4c00b8b571
Use bubbletea instead of survey for interacting with TUI ( #786 )
...
Fix #772
Reviewed-on: https://gitea.com/gitea/tea/pulls/786
Reviewed-by: Bo-Yi Wu (吳柏毅) <appleboy.tw@gmail.com >
2025-08-11 18:23:52 +00:00
ffff540aa7
fix(deps): update module github.com/urfave/cli/v3 to v3.3.8 ( #766 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [github.com/urfave/cli/v3](https://github.com/urfave/cli ) | require | patch | `v3.3.3` -> `v3.3.8` |
---
### Release Notes
<details>
<summary>urfave/cli (github.com/urfave/cli/v3)</summary>
### [`v3.3.8`](https://github.com/urfave/cli/releases/tag/v3.3.8 )
[Compare Source](https://github.com/urfave/cli/compare/v3.3.7...v3.3.8 )
#### What's Changed
- Remove "alpha" wording around `v3` series by [@​meatballhat](https://github.com/meatballhat ) in https://github.com/urfave/cli/pull/2155
**Full Changelog**: https://github.com/urfave/cli/compare/v3.3.7...v3.3.8
### [`v3.3.7`](https://github.com/urfave/cli/releases/tag/v3.3.7 )
[Compare Source](https://github.com/urfave/cli/compare/v3.3.6...v3.3.7 )
#### What's Changed
- fix: add missing `IsLocal` for BoolWithInverseFlag by [@​huiyifyj](https://github.com/huiyifyj ) in https://github.com/urfave/cli/pull/2151
- Fix OnUsageError Trigger When Error Is Caused by Mutually Exclusive Flags by [@​Ali-Doustkani](https://github.com/Ali-Doustkani ) in https://github.com/urfave/cli/pull/2152
#### New Contributors
- [@​Ali-Doustkani](https://github.com/Ali-Doustkani ) made their first contribution in https://github.com/urfave/cli/pull/2152
**Full Changelog**: https://github.com/urfave/cli/compare/v3.3.6...v3.3.7
### [`v3.3.6`](https://github.com/urfave/cli/releases/tag/v3.3.6 )
[Compare Source](https://github.com/urfave/cli/compare/v3.3.5...v3.3.6 )
#### What's Changed
- Fish completions with identically named sub-commands now work by [@​bittrance](https://github.com/bittrance ) in https://github.com/urfave/cli/pull/2130
**Full Changelog**: https://github.com/urfave/cli/compare/v3.3.5...v3.3.6
### [`v3.3.5`](https://github.com/urfave/cli/releases/tag/v3.3.5 )
[Compare Source](https://github.com/urfave/cli/compare/v3.3.4...v3.3.5 )
#### What's Changed
- Fix:(issue\_2137) Ensure default value for bool with inverse flag is h… by [@​dearchap](https://github.com/dearchap ) in https://github.com/urfave/cli/pull/2138
- Fix:(issue\_2131) Show help text for BoolWithInverseFlag by [@​Juneezee](https://github.com/Juneezee ) in https://github.com/urfave/cli/pull/2142
**Full Changelog**: https://github.com/urfave/cli/compare/v3.3.4...v3.3.5
### [`v3.3.4`](https://github.com/urfave/cli/releases/tag/v3.3.4 )
[Compare Source](https://github.com/urfave/cli/compare/v3.3.3...v3.3.4 )
#### What's Changed
- Fix Docs(issue\_2125) Add PathFlag to StringFlag migration by [@​dearchap](https://github.com/dearchap ) in https://github.com/urfave/cli/pull/2136
- fix: remove extraneous space from subcommand help template by [@​G-Rath](https://github.com/G-Rath ) in https://github.com/urfave/cli/pull/2140
- Fix:(issue\_2135) Correct formatting of default subcommand USAGE text by [@​zzspoon](https://github.com/zzspoon ) in https://github.com/urfave/cli/pull/2139
#### New Contributors
- [@​zzspoon](https://github.com/zzspoon ) made their first contribution in https://github.com/urfave/cli/pull/2139
**Full Changelog**: https://github.com/urfave/cli/compare/v3.3.3...v3.3.4
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC40OS42IiwidXBkYXRlZEluVmVyIjoiNDAuNDkuNiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Reviewed-on: https://gitea.com/gitea/tea/pulls/766
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2025-06-16 17:07:00 +00:00
f09d6ca46b
fix(deps): update module github.com/go-git/go-git/v5 to v5.16.2 ( #765 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/765
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2025-06-10 14:52:26 +00:00
0e54bae0c4
migrate tea to urfave v3 ( #760 )
...
I tested this somewhat, but I haven't been using the cli before so I'm not sure if there are changes - there shouldn't be though.
Reviewed-on: https://gitea.com/gitea/tea/pulls/760
Reviewed-by: Lunny Xiao <xiaolunwen@gmail.com >
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com >
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com >
2025-06-10 05:19:59 +00:00
177b7397f3
fix(deps): update module github.com/go-git/go-git/v5 to v5.16.1 ( #762 )
...
Reviewed-on: https://gitea.com/gitea/tea/pulls/762
Co-authored-by: Renovate Bot <renovate-bot@gitea.com >
Co-committed-by: Renovate Bot <renovate-bot@gitea.com >
2025-06-06 00:13:48 +00:00
Renovate Bot
