Partially fix#34710
The bug described in #34710 can be divided into two parts: `push.paths`
and `pull_request.paths`. This PR fixes the issue related to
`pull_request.paths`. The root cause is that the check for whether the
workflow can be triggered happens **before** updating the PR’s merge
base. This causes the file-change detection to use the old merge base.
Therefore, we need to update the merge base first and then check whether
the workflow can be triggered.
- Updated error message in `incoming.go` to remove unnecessary wrapping
of the error.
- Corrected typo in error message in `wiki.go` for clarity.
---------
Co-authored-by: Giteabot <teabot@gitea.io>
- Update JS deps
- Regenerate SVGs
- Fix air `bin` deprecation
- Fix `monaco.languages.typescript` deprecation
- Remove `eslint-plugin-no-use-extend-native`, it's unnecessary with
typescript
- Enable new `@typescript-eslint` rules
- Disable `@typescript-eslint/no-redundant-type-constituents`, this rule
has bugs when not running under `strictNullChecks` (pending in
https://github.com/go-gitea/gitea/pull/35843).
Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user
results in an error, even if the requester is an administrator. As far
as I can tell, this is a security feature, not architectural in nature,
as automatic account linking could be used to take control of another
user's account. This is not a concern for an administrator, who we
should trust to know what they are doing.
This patch allows admins, and only admins, to rename non-local users.
Fixes https://github.com/go-gitea/gitea/issues/18308 (sort of)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Permission & protection check:
- Fix Delete Release permission check
- Fix Update Pull Request with rebase branch protection check
- Fix Issue Dependency permission check
- Fix Delete Comment History ID check
Information leaking:
- Show unified message for non-existing user and invalid password
- Fix#35984
- Don't expose release draft to non-writer users.
- Make API returns signature's email address instead of the user
profile's.
Auth & Login:
- Avoid GCM OAuth2 attempt when OAuth2 is disabled
- Fix#35510
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This patch amends https://github.com/go-gitea/gitea/pull/27507.
Since https://github.com/go-gitea/gitea/pull/35072, `selectable` css
class can be used for providing hover effect for tables. This patch let
the wiki page be able to make use of that css class, and we can safely
remove the custom css for this purpose.
Behavior is not changed.
----
Side note: I made this patch locally months ago but completely forget to
submit it as a PR 😂
Consistently use a `star` icon to highlight the default column of a
project.
The icon is both shown while viewing the project, as well as while
changing the default status of this column.
<img width="1065" height="370" alt="image"
src="https://github.com/user-attachments/assets/1ca5773d-8eec-4b90-ad0b-22b1f4bd4cfd"
/>
`GITEA_PR_ID` is already part of the env variables available in the
githooks, but it contains a database ID instead of commonly used index
that is part of `owner/repo!index`
This would allow developers to keep a local file that'd add personal
makefile targets for niche convenience customization without having to
have the git workspace polluted with uncommitted changes.
---------
Signed-off-by: techknowlogick <techknowlogick@gitea.com>
From [docs](https://go.dev/doc/toolchain#config):
> The go line declares the minimum required Go version for using the
module or workspace. For compatibility reasons, if the go line is
omitted from a go.mod file, the module is considered to have an implicit
go 1.16 line, and if the go line is omitted from a go.work file, the
workspace is considered to have an implicit go 1.18 line.
> The toolchain line declares a suggested toolchain to use with the
module or workspace. As described in “[Go toolchain
selection](https://go.dev/doc/toolchain#select)” below, the go command
may run this specific toolchain when operating in that module or
workspace if the default toolchain’s version is less than the suggested
toolchain’s version. If the toolchain line is omitted, the module or
workspace is considered to have an implicit toolchain goV line, where V
is the Go version from the go line.
This is better than setting `go` to the latest version which may break
builds when that go version is unavailable, for example with
`GOTOOLCHAIN=local` in the official go docker images.
Fix#35852, the root problem is that the "name" field is heavily abused
(since #6816, and no way to get a clear fix)
There are still a lot of legacy problems in old code.
Co-authored-by: Giteabot <teabot@gitea.io>
