main
20802 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
c45ea82fd1 | Merge pull request 'fix(project): push SSE update when an issue on a board is closed/reopened' (#20) from fix/issue-19-sse-state into main | ||
|
|
c19ecab35d |
fix(project): push SSE update when an issue on a board is closed/reopened
Closing or reopening an issue did not notify project boards that carry it as a card, so board tabs showed stale state until a manual reload. CloseIssue/ReopenIssue only published milestone events and the issue timeline notification — nothing project-scoped. Add a CardStateChanged project event, published per linked project from CloseIssue/ReopenIssue (best-effort; never fails the state change). The board frontend flips the issue-state octicon in place and refetches the affected column so state-filtered boards and counts stay correct. The dispatch check precedes the CardUnlinked branch so a close/reopen is not mistaken for a card removal. Also switch a pre-existing String#match to RegExp#exec in the same file to keep it lint-clean. Closes #19 |
||
|
|
ad46f6cde8 | Merge pull request 'fix(projects): scope project-issue move to its own project' (#18) from fix/user-project-move-multiproject-detach into main | ||
|
|
078459c497 |
fix(projects): scope project-issue move to its own project
MoveIssuesOnProjectColumn updated `project_issue` with a WHERE clause on issue_id only. An issue assigned to several projects has one project_issue row per project, so moving it within one project rewrote project_board_id for every project the issue belonged to, detaching it from all the others. Scope the UPDATE to (issue_id, project_id) so only the target project's row changes. Mirrors the fix already present in upstream/main. Adds an integration regression test asserting an issue in two user projects keeps its column in the other project after a move. Fixes #17. |
||
|
|
d4de99f96b | feat(sse): toast notifications for project-board and milestone events (#15) v1.26.0-unstable-2026-05-16.1 | ||
|
|
9f588d3dd3 | feat(milestone): SSE live-updating progress bars (#14) v1.26.0-unstable-2026-05-16 | ||
|
|
4676a3af93 | fix(project_events): use process-lifetime ctx for async SSE publish (#8) | ||
|
|
9c1699feb5 | feat(project): SSE push updates for project board pages (#7) v1.26.0-unstable-2026-05-15.1 | ||
|
|
15acfdb783 | feat(api): state filter + populated num_issues on project columns (#6) | ||
|
|
1cd81ff925 |
feat(api): state filter + populated num_issues on project columns
Adds two improvements to the user/org/repo project-board REST API:
* state filter on column-issues endpoints (issue #4)
  GET /api/v1/{users,orgs}/{name}/-/projects/{id}/columns/{col}/issues
  GET /api/v1/repos/{owner}/{repo}/projects/{id}/columns/{col}/issues
  Now accept ?state=open|closed|all (default open), matching the convention on the project-list endpoint and on /repos/.../issues. Applied at the IssuesOptions layer so all three scopes inherit the filter.
* populated num_issues / num_open_issues / num_closed_issues on column-list (issue #5)
  ColumnList.LoadIssueCounts runs two grouped queries against project_issue joined with issue (one open, one closed). All three List*Columns handlers call it before converting, so num_issues stops being null and consumers can render a kanban summary in a single round trip instead of N+1.
Tests:
* unit: empty-input fast path on ColumnList.LoadIssueCounts.
* integration: extended testAPIListProjectColumnIssues / -User / -Org to close an issue, then verify default=open hides it, state=closed and state=all return it, and the column-list response carries the correct open/closed/total split.
Closes #4, closes #5 |
||
|
|
580fe2df32 |
Merge pull request 'feat(api): user-scope and org-scope project board endpoints' (#2) from user-org-project-api into main
Reviewed-on: #2 v1.26.0-unstable-2026-05-15 |
||
|
|
909bff1a52 |
test(api): add MoveProjectIssue integration test for repo project scope
The repo-scope POST .../projects/{id}/issues/{issue_id}/move handler had no
test coverage. Adds testAPIMoveProjectIssue with happy-path move, 422 on
non-existent target column, and 404 when the issue isn't in the project.
|
||
|
|
8ae6245c19 |
feat(api): add user-scope and org-scope project board endpoints
Adds the missing REST surface that mirrors the existing repo-scope project
API onto user and organization namespaces, so projects at /{owner}/-/projects/
become programmatically manageable (linking issues, listing column membership,
moving cards between columns) without browser-session auth.
Routes registered under /api/v1/users/{username}/projects/... and
/api/v1/orgs/{org}/projects/..., gated by AccessTokenScopeCategoryIssue.
User-scope writes require owner==doer or site admin; org-scope writes
require org membership. Handlers copy the repo-scope shape rather than
refactoring the existing repo handlers, keeping shipping code untouched.
Integration tests cover CRUD, columns, issue add/remove/move, listing per
column, and the permission matrix (owner/non-member/admin) for both scopes.
|
||
|
|
086dd1858e |
ci: gate upstream release workflows on go-gitea/gitea
The 3 release workflows (nightly, RC, version) target namespace-profile-gitea-* runners that exist only on upstream's Namespace.so CI cloud. On forks they queue forever waiting for labels that never appear. Gate each job on github.repository, matching the existing gate on cron-*.yml. Fork-only diff. |
||
|
|
013e844724 |
fix(api): filter list-column-issues by project_board_id
ListProjectColumnIssues was returning every issue in the project regardless of which column was requested. The handler set ProjectIDs but had no way to constrain to a specific column, and applyProjectCondition only joined project_issue on project_id. Add IssuesOptions.ProjectColumnID and extend the single-project branch of applyProjectCondition to include project_board_id in the JOIN when set. Strengthen the integration test: previously it placed two issues in the project (default column) and asserted a column listing returned 2, which masked the bug. Now create two distinct columns, move one issue into each, and verify each column's listing returns exactly the issue it owns. Reported during e2e validation on git.oleks.space against the production fork (1.26.0-unstable-2026-05-11). Worth back-porting to upstream PR #37518. |
||
|
|
5a886307fd |
chore(ddev): add build-gitea-frontend command
`make backend` embeds public/ via go:embed at compile time, so any frontend asset change requires:
  ddev build-gitea-frontend # vite into public/assets/
  ddev build-gitea # re-embed public/ into the binary
  ddev restart # pick up new binary |
||
|
|
d4d44cf283 |
chore(ddev): local dev environment for testing the Projects API
`ddev start` provisions:
- web container: Debian + Go 1.26.3 + node 24, builds gitea via `ddev build-gitea`
- db: postgres 17
- router: https://gitea.ddev.site → gitea on container port 3000
First-run steps:
  ddev start
  ddev build-gitea
  ddev restart
  ddev exec './gitea --config .ddev/gitea/app.ini admin user create \
    --admin --username ddev --password ddev1234567890 \
    --email ddev@example.com --must-change-password=false'
.ddev/.gitignore uses a whitelist: only the 6 files we authored are tracked; DDEV's generated content (compose files, provider templates, snapshots, gocache, gitea runtime data) is ignored. |
||
|
|
8734be114a | style: auto-format from pre-push hooks | ||
|
|
921b32984b |
chore(devshell): add test shell without static glibc
The default shell links cgo statically against glibc.static for the production gitea binary. Test binaries built in that shell segfault inside cgo NSS calls (getaddrinfo/getpwuid_r) because the static glibc NSS modules need matching dynamic libs at runtime.
Split the shell:
- `nix develop` -> production build shell (static, unchanged)
- `nix develop .#test` -> test/dev shell, no static glibc
Verified: TestAPIProjects passes in the `test` shell. |
||
|
|
77e3801a9c | chore(devshell): add golangci-lint, govulncheck, and tea to nix shell | ||
|
|
1011241a67 |
feat(api): add REST API for repository project boards
Cherry-pick of upstream PR go-gitea/gitea#37518 onto feat/projects-api. The PR is itself a rebase of #36831 onto main, adapted for the multi-projects-per-issue model added in #36784.
Endpoints (all under /repos/{owner}/{repo}/projects...):
  GET . list projects
  POST . create project
  GET /{id} get project
  PATCH /{id} update project
  DELETE /{id} delete project
  GET /{id}/columns list columns
  POST /{id}/columns create column
  PATCH /columns/{id} update column
  DELETE /columns/{id} delete column
  GET /columns/{id}/issues list issues in column
  POST /columns/{id}/issues/{issue_id} add/move issue to column
  DELETE /columns/{id}/issues/{issue_id} remove issue from column
  POST /columns/{id}/issues/{issue_id}/move move between columns
Source: https://github.com/go-gitea/gitea/pull/37518 |
||
|
|
187daac598 |
fix: Sort action run jobs by JobID and Name with matrix examples (#37046)
Fix the sorting of jobs out of a matrix
## Before
<img width="415" height="487" alt="grafik" src="https://github.com/user-attachments/assets/b628adb9-9158-4106-89f1-d8ecaa98f17d" />
## After
<img width="423" height="365" alt="grafik" src="https://github.com/user-attachments/assets/d26223d5-96da-4bdc-bbfe-389101d28cc8" />
---------
Signed-off-by: Nicolas <bircni@icloud.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io> |
||
|
|
3738809219 |
fix: catch and fix more lint problems (#37674)
Changes are done by "make lint-go-fix" |
||
|
|
ffd5e0698b |
docs(agents): update AGENTS.md (#37684)
Add two rules to `AGENTS.md` for recurring issues.
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
79f7062d9e |
fix(actions): run TransferLogs on UpdateLog{Rows:[], NoMore:true} (#37631)
`UpdateLog` short-circuits on `len(Rows)==0` before honoring `NoMore`,
so a final empty `UpdateLog{NoMore:true}` never runs `TransferLogs`. The
task's `dbfs_data` rows are then never moved to log storage and never
deleted.
Fix: let `NoMore=true` with no new rows fall through to `TransferLogs`.
Bail when the runner has outrun the server (`Index > ack`) even with
`NoMore`, since archiving a log with a gap is worse than retrying.
Always call `WriteLogs` so `offset==0` bootstraps an empty DBFS file in
the no-output case (otherwise `TransferLogs` would fail at `dbfs.Open`).
Fixes: https://github.com/go-gitea/gitea/issues/37623
Ref: https://gitea.com/gitea/runner/pulls/952
Ref: https://gitea.com/gitea/runner/pulls/950
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
|
||
|
|
f01953e764 | [skip ci] Updated translations via Crowdin | ||
|
|
6a27066269 |
fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test (#37662)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [mermaid](https://redirect.github.com/mermaid-js/mermaid) | [`11.14.0` → `11.15.0`](https://renovatebot.com/diffs/npm/mermaid/11.14.0/11.15.0) |  |  | --- ### Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection [CVE-2026-41148](https://nvd.nist.gov/vuln/detail/CVE-2026-41148) / [GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) <details> <summary>More information</summary> #### Details ##### Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures `classDef` values with an unrestricted regex: ```jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 <CLASSDEFID>[^\n]* { this.popState(); return 'CLASSDEF_STYLEOPTS' } ``` The value passes unsanitized through `addStyleClass()` -> `createCssStyles()` -> `style.innerHTML` (mermaidAPI.ts:418). A `}` in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page. 
##### PoC ``` stateDiagram-v2 classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")} ``` Live demo: <https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU> ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102)) ##### Workarounds Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Impact Enables page defacement, user tracking via `url()` callbacks, and DOM attribute exfiltration via CSS `:has()` selectors. 
#### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r) - [https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102) - [https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) - [https://github.com/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection [CVE-2026-41149](https://nvd.nist.gov/vuln/detail/CVE-2026-41149) / [GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) <details> <summary>More information</summary> #### Details ##### Impact Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS. 
##### Proof-of-concept ``` stateDiagram-v2 classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b [*] --> A:::xss ``` ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)) ##### Workarounds If you can not update to a patched version, setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Credits Thanks to @​zsxsoft from @​KeenSecurityLab for reporting this vulnerability. 
#### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr) - [https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056) - [https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) - [https://github.com/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of configuration leads to CSS injection [CVE-2026-41159](https://nvd.nist.gov/vuln/detail/CVE-2026-41159) / [GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) <details> <summary>More information</summary> #### Details ##### Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the `fontFamily`, `themeCSS`, and `altFontFamily` configuration options. 
Live demo: [mermaid.live](https://mermaid.live/edit#pako:eNpNjktLxDAUhf9KvFBR6JS-60QQfODKlUvJ5k6TtsEmKTHFGUP-u-mI6Nmdy3fOPR56wwVQSBIvtXSUeAaD0e4ZlZxPDChhcLxFfwiEauOuLq_9Afv30ZpVczpaITS5kGox1qF2gfSeBwYhJAnThAyz-ewntI68vG5-0z3Z7e7IA9OQwmglB-rsKlJQwircLPgNZeAmocTPAi4GXGfHgOkQYwvqN2PUbzJuGSegA84f0a0LRyeeJI4W_xChubCPcbQD2pwbgHo4Aq2aKmvbqq3zoiu7pizqFE6RybN9VFfFY1HWXRVS-Dr_zLObrt7_V_gGGXZlGg) Example code: ``` %%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%% flowchart LR A --> B ``` The injected CSS exploits stylis's `&` (scope reference) handling. `:not(&)` escapes the `#mermaid-xxx` automatic scoping, applying styles to all page elements. Global at-rules (`@font-face`, `@keyframes`, `@counter-style`) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS `:has()` selectors. ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76)) ##### Workarounds If you can't upgrade mermaid, you can set the [`secure`](https://mermaid.js.org/config/schema-docs/config.html#secure) config value in the mermaid config to avoid allowing diagrams to modify `fontFamily`, `themeCSS`, `altFontFamily`, and `themeVariables`. Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will also prevent this. 
##### Credits Reported by @​zsxsoft on behalf of @​KeenSecurityLab #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p) - [https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa) - [https://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://github.com/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) This data is provided by the [GitHub Advisory Database](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS [CVE-2026-41150](https://nvd.nist.gov/vuln/detail/CVE-2026-41150) / [GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) <details> <summary>More information</summary> #### Details ##### Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates. 
Example: ``` gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d ``` `mermaid.parse` is unaffected, unless you then call the `ganttDb.getTasks()` (which is called when rendering a diagram). ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6)) ##### Workarounds There are no workarounds available without updating to a newer version of mermaid. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh) - [https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6) - [https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://github.com/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) This data is provided by the [GitHub Advisory 
Database](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid Gantt Charts are vulnerable to an Infinite Loop DoS [CVE-2026-41150](https://nvd.nist.gov/vuln/detail/CVE-2026-41150) / [GHSA-6m6c-36f7-fhxh](https://redirect.github.com/advisories/GHSA-6m6c-36f7-fhxh) <details> <summary>More information</summary> #### Details ##### Impact Mermaid v11.14.0 and earlier are vulnerable to a denial-of-service attack when rendering gantt charts, if they use the [`excludes` attribute](https://mermaid.js.org/syntax/gantt.html?#excludes) to exclude all dates. Example: ``` gantt excludes monday,tuesday,wednesday,thursday,friday,saturday,sunday DoS :2025-01-01, 1d ``` `mermaid.parse` is unaffected, unless you then call the `ganttDb.getTasks()` (which is called when rendering a diagram). ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6)) ##### Workarounds There are no workarounds available without updating to a newer version of mermaid. 
#### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-6m6c-36f7-fhxh) - [https://github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6](https://redirect.github.com/mermaid-js/mermaid/commit/a59ea56174712ee5430dfd5bc877cb5151f501a6) - [https://github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-6m6c-36f7-fhxh) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of configuration leads to CSS injection [CVE-2026-41159](https://nvd.nist.gov/vuln/detail/CVE-2026-41159) / [GHSA-87f9-hvmw-gh4p](https://redirect.github.com/advisories/GHSA-87f9-hvmw-gh4p) <details> <summary>More information</summary> #### Details ##### Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the `fontFamily`, `themeCSS`, and `altFontFamily` configuration options. 
Live demo: [mermaid.live](https://mermaid.live/edit#pako:eNpNjktLxDAUhf9KvFBR6JS-60QQfODKlUvJ5k6TtsEmKTHFGUP-u-mI6Nmdy3fOPR56wwVQSBIvtXSUeAaD0e4ZlZxPDChhcLxFfwiEauOuLq_9Afv30ZpVczpaITS5kGox1qF2gfSeBwYhJAnThAyz-ewntI68vG5-0z3Z7e7IA9OQwmglB-rsKlJQwircLPgNZeAmocTPAi4GXGfHgOkQYwvqN2PUbzJuGSegA84f0a0LRyeeJI4W_xChubCPcbQD2pwbgHo4Aq2aKmvbqq3zoiu7pizqFE6RybN9VFfFY1HWXRVS-Dr_zLObrt7_V_gGGXZlGg) Example code: ``` %%{init: {"fontFamily": "x;a{b} :not(&){background:green !important} c{d}"}}%% flowchart LR A --> B ``` The injected CSS exploits stylis's `&` (scope reference) handling. `:not(&)` escapes the `#mermaid-xxx` automatic scoping, applying styles to all page elements. Global at-rules (`@font-face`, `@keyframes`, `@counter-style`) are also injectable as stylis hoists them to top level. This allows page defacement and DOM attribute exfiltration via CSS `:has()` selectors. ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76)) ##### Workarounds If you can't upgrade mermaid, you can set the [`secure`](https://mermaid.js.org/config/schema-docs/config.html#secure) config value in the mermaid config to avoid allowing diagrams to modify `fontFamily`, `themeCSS`, `altFontFamily`, and `themeVariables`. Setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will also prevent this. 
##### Credits Reported by @​zsxsoft on behalf of @​KeenSecurityLab #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-87f9-hvmw-gh4p) - [https://github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa) - [https://github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76](https://redirect.github.com/mermaid-js/mermaid/commit/a9d9f0d8eb790349121508688cd338253fd80d76) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-87f9-hvmw-gh4p) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Mermaid: Improper sanitization of `classDef` in state diagrams leads to HTML injection [CVE-2026-41149](https://nvd.nist.gov/vuln/detail/CVE-2026-41149) / [GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/advisories/GHSA-ghcm-xqfw-q4vr) <details> <summary>More information</summary> #### Details ##### Impact Under the default configuration, Mermaid state diagram's `classDef` allow DOM injection that escapes the SVG, although `<script>` tags are removed, preventing XSS. 
##### Proof-of-concept ``` stateDiagram-v2 classDef xss fill:red</style></svg><style>*{x:x;y:y;overflow:visible!important;contain:none!important;transform:none!important;filter:none!important;clip-path:none!important}</style><div style="x:x;y:y;color:red;font:5em/1 monospace;display:grid;place-items:center;z-index:2147483647;width:100vw;height:100vh;position:fixed;top:0;left:0;background:black">HACKED</div><svg><style>a:b [*] --> A:::xss ``` ##### Patches - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3)) ##### Workarounds If you can not update to a patched version, setting [`"securityLevel": "sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Credits Thanks to @​zsxsoft from @​KeenSecurityLab for reporting this vulnerability. 
#### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-ghcm-xqfw-q4vr) - [https://github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056) - [https://github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3](https://redirect.github.com/mermaid-js/mermaid/commit/4e2d512bf5bf6f9de1a8f0a48da78dc4d09ac4f3) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-ghcm-xqfw-q4vr) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). 
</details> --- ### Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection [CVE-2026-41148](https://nvd.nist.gov/vuln/detail/CVE-2026-41148) / [GHSA-xcj9-5m2h-648r](https://redirect.github.com/advisories/GHSA-xcj9-5m2h-648r) <details> <summary>More information</summary> #### Details ##### Details The state diagram and any other diagram type that routes user-controlled style strings through createCssStyles parser for Mermaid v11.14.0 and earlier captures `classDef` values with an unrestricted regex: ```jison // packages/mermaid/src/diagrams/state/parser/stateDiagram.jison:83 <CLASSDEFID>[^\n]* { this.popState(); return 'CLASSDEF_STYLEOPTS' } ``` The value passes unsanitized through `addStyleClass()` -> `createCssStyles()` -> `style.innerHTML` (mermaidAPI.ts:418). A `}` in the value closes the generated CSS selector, and everything after becomes a new CSS rule on the page. ##### PoC ``` stateDiagram-v2 classDef x }*{ background-image: url("http://media.giphy.com/media/SggILpMXO7Xt6/giphy.gif")} ``` Live demo: <https://mermaid.live/edit#pako:eNpFjzFvgzAQhf-KdVNbEcBgMHhtlkqtOnSJKi8ONsYKBmRMlRTx3-skanvTfbp7996t0IxSAYPZC6_2Rmgn7O4rQ00v5nmvWnRG29OKjqI5aTcug9wZK7RiaHH9A4fO-4kliVXSiFibqbvEzWjvnHxo_fI6vR3e6cGXyX2qTcvhcYMItDMSmHeLisAqZ8UVYeUDQhx8p6ziwEIrhTtx4MNVM4nhcxztrywE0h2wVvRzoGWS_z_8rahBKvcckntgmN5OAFvhDIzUNCZZQXCR5nVaZkUEF2BVFpOcEkoxxhUuyRbB980yjStapKHqoKFlhvPtB7BFZEU> ##### Patches This has been patched in: - [v11.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) (see [e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f)) - [v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) (see [8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102)) ##### Workarounds Setting [`"securityLevel": 
"sandbox"`](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) will prevent this, by rendering the mermaid diagram in a sandboxed `<iframe>`. ##### Impact Enables page defacement, user tracking via `url()` callbacks, and DOM attribute exfiltration via CSS `:has()` selectors. #### Severity - CVSS Score: 5.3 / 10 (Medium) - Vector String: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L` #### References - [https://github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r](https://redirect.github.com/mermaid-js/mermaid/security/advisories/GHSA-xcj9-5m2h-648r) - [https://github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102](https://redirect.github.com/mermaid-js/mermaid/commit/8fead23c59166b7bab6a39eac81acebee2859102) - [https://github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f) - [https://github.com/mermaid-js/mermaid](https://redirect.github.com/mermaid-js/mermaid) - [https://github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) - [https://github.com/mermaid-js/mermaid/releases/tag/v10.9.6](https://redirect.github.com/mermaid-js/mermaid/releases/tag/v10.9.6) - [https://mermaid.js.org/config/schema-docs/config.html#securitylevel](https://mermaid.js.org/config/schema-docs/config.html#securitylevel) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-xcj9-5m2h-648r) and the [GitHub Advisory Database](https://redirect.github.com/github/advisory-database) ([CC-BY 4.0](https://redirect.github.com/github/advisory-database/blob/main/LICENSE.md)). 
</details> --- ### Release Notes <details> <summary>mermaid-js/mermaid (mermaid)</summary> ### [`v11.15.0`](https://redirect.github.com/mermaid-js/mermaid/releases/tag/mermaid%4011.15.0) [Compare Source](https://redirect.github.com/mermaid-js/mermaid/compare/mermaid@11.14.0...mermaid@11.15.0) ##### Minor Changes - [#​7174](https://redirect.github.com/mermaid-js/mermaid/pull/7174) [`0aca217`](https://redirect.github.com/mermaid-js/mermaid/commit/0aca21739c0d1fcaaa206e04a6cd574ebc415483) Thanks [@​milesspencer35](https://redirect.github.com/milesspencer35)! - feat(sequence): Add support for decimal start and increment values in the `autonumber` directive - [#​7512](https://redirect.github.com/mermaid-js/mermaid/pull/7512) [`8e17492`](https://redirect.github.com/mermaid-js/mermaid/commit/8e17492f7365ba50896382feb69a23efd9d8a22d) Thanks [@​aruncveli](https://redirect.github.com/aruncveli)! - feat(flowchart): add datastore shape In Data flow diagrams, a datastore/warehouse/file/database is used to represent data persistence. It is denoted by a rectangle with only top and bottom borders, and can be used in flowcharts with `A@{ shape: datastore, label: "Datastore" }`. - [#​6440](https://redirect.github.com/mermaid-js/mermaid/pull/6440) [`9ad8dde`](https://redirect.github.com/mermaid-js/mermaid/commit/9ad8dde6d049adde85d8ed2d476c09b5820f3f4b) Thanks [@​yordis](https://redirect.github.com/yordis), [@​lgazo](https://redirect.github.com/lgazo)! - feat: add Event Modeling diagram - [#​7707](https://redirect.github.com/mermaid-js/mermaid/pull/7707) [`27db774`](https://redirect.github.com/mermaid-js/mermaid/commit/27db774627be1cee881961dfd0d2cb21cd01b79d) Thanks [@​txmxthy](https://redirect.github.com/txmxthy)! 
- feat(architecture): expose four fcose layout knobs for `architecture-beta` diagrams (`nodeSeparation`, `idealEdgeLengthMultiplier`, `edgeElasticity`, `numIter`) so authors can tune layout density and spread overlapping siblings without changing diagram source - [#​7604](https://redirect.github.com/mermaid-js/mermaid/pull/7604) [`bf9502f`](https://redirect.github.com/mermaid-js/mermaid/commit/bf9502fb6012a4b724679b401ac928f5ee55161c) Thanks [@​M-a-c](https://redirect.github.com/M-a-c)! - feat(class): add nested namespace support for class diagrams via dot notation and syntactic nesting If you have namespaces in class diagrams that use `.`s already and want to render them without nesting (≤v11.14.0 behaviour), you can use set `class.hierarchicalNamespaces=false` in your mermaid config: ```yaml config: class: hierarchicalNamespaces: false ``` - [#​7272](https://redirect.github.com/mermaid-js/mermaid/pull/7272) [`88cdd3d`](https://redirect.github.com/mermaid-js/mermaid/commit/88cdd3dc0aab9577174561b04e14760c565a232b) Thanks [@​xinbenlv](https://redirect.github.com/xinbenlv)! - feat(sankey): add outlined label style, configurable nodeWidth/nodePadding, and custom node colors ##### Patch Changes - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`e9b0f34`](https://redirect.github.com/mermaid-js/mermaid/commit/e9b0f34d8d82a6260077764ee45e1d7d90957a0f) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: prevent unbalanced CSS styles in classDefs - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`37ff937`](https://redirect.github.com/mermaid-js/mermaid/commit/37ff937f1da2e19f882fd1db01235db4d01f4056) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: create CSS styles using the CSSOM This removes some invalid CSS and normalizes some CSS formatting. 
- [#​7508](https://redirect.github.com/mermaid-js/mermaid/pull/7508) [`bfe60cc`](https://redirect.github.com/mermaid-js/mermaid/commit/bfe60cc67b9a6dec64f9161f58e4d24a06c42b65) Thanks [@​biiab](https://redirect.github.com/biiab)! - fix(stateDiagram): `end note` now only closes a note when used on a new line - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`faafb5d`](https://redirect.github.com/mermaid-js/mermaid/commit/faafb5d49106dd32c367f3882505f2dd625aa30e) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix(gantt): add iteration limit for `excludes` field - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`65f8be2`](https://redirect.github.com/mermaid-js/mermaid/commit/65f8be2a42faf869b811469571983cba7eeeca99) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: disallow some CSS at-rules in custom CSS - [#​7726](https://redirect.github.com/mermaid-js/mermaid/pull/7726) [`1502f32`](https://redirect.github.com/mermaid-js/mermaid/commit/1502f32f3c5fb944925b0c527fbbde3c4f041824) Thanks [@​aloisklink](https://redirect.github.com/aloisklink)! - fix(wardley): fix unnecessary sanitization of text - [#​7578](https://redirect.github.com/mermaid-js/mermaid/pull/7578) [`1f98db8`](https://redirect.github.com/mermaid-js/mermaid/commit/1f98db8e326299ac97a2fa60abfd509d8f5f16e2) Thanks [@​Gaston202](https://redirect.github.com/Gaston202)! - fix(class): self-referential class multiplicity labels no longer rendered multiple times Fixes [#​7560](https://redirect.github.com/mermaid-js/mermaid/issues/7560). Resolves an issue where cardinality labels on self-referential class relationships were rendered three times due to edge splitting in the dagre layout. The fix ensures that each sub-edge only carries its relevant label positions. 
- [#​7592](https://redirect.github.com/mermaid-js/mermaid/pull/7592) [`2343e38`](https://redirect.github.com/mermaid-js/mermaid/commit/2343e38498a3b31f8ce5e79f1f009e0b56fbe086) Thanks [@​knsv-bot](https://redirect.github.com/knsv-bot)! - fix(sequence): add background box behind alt/else section title labels in sequence diagrams - [#​7589](https://redirect.github.com/mermaid-js/mermaid/pull/7589) [`7fb9509`](https://redirect.github.com/mermaid-js/mermaid/commit/7fb9509b8b5cb1dc48519dc60cf6cdc6afba0462) Thanks [@​NYCU-Chung](https://redirect.github.com/NYCU-Chung)! - fix(block): prevent column widths from shrinking when mixing different column spans - [#​7632](https://redirect.github.com/mermaid-js/mermaid/pull/7632) [`3f9e0f1`](https://redirect.github.com/mermaid-js/mermaid/commit/3f9e0f15bedc1e2c71ddb6b34192d1a21124cfc2) Thanks [@​ekiauhce](https://redirect.github.com/ekiauhce)! - fix(sequence): correct messageAlign label position for right-to-left arrows in sequence diagrams - [#​7642](https://redirect.github.com/mermaid-js/mermaid/pull/7642) [`7a8fb85`](https://redirect.github.com/mermaid-js/mermaid/commit/7a8fb8532c57ecc55b3711454ab0e505a4291445) Thanks [@​tractorjuice](https://redirect.github.com/tractorjuice)! - fix(wardley): allow hyphens in unquoted component names Multi-word names containing hyphens — e.g. `real-time processing`, `end-user`, `on-call engineer` — now parse without quoting, bringing the grammar in line with the OnlineWardleyMaps (OWM) convention. `A->B` (no-space arrow) still tokenises correctly. - [#​7523](https://redirect.github.com/mermaid-js/mermaid/pull/7523) [`5144ed4`](https://redirect.github.com/mermaid-js/mermaid/commit/5144ed4b138ae0f4836bab4c163c575e0a767dd3) Thanks [@​darshanr0107](https://redirect.github.com/darshanr0107)! - fix(block): Arrow blocks in block-beta diagrams not spanning the specified number of columns when using `:n` syntax. 
- [#​7262](https://redirect.github.com/mermaid-js/mermaid/pull/7262) [`13d9bfa`](https://redirect.github.com/mermaid-js/mermaid/commit/13d9bfa4748e845a9eec7d6265ba496d2278f26e) Thanks [@​darshanr0107](https://redirect.github.com/darshanr0107)! - fix(block): Ensure block diagram hexagon blocks respect column spanning syntax - [#​7684](https://redirect.github.com/mermaid-js/mermaid/pull/7684) [`e14bb88`](https://redirect.github.com/mermaid-js/mermaid/commit/e14bb88bdb940124cdb0a107025653bf93745c99) Thanks [@​aloisklink](https://redirect.github.com/aloisklink)! - fix: loosen `uuid` dependency range to allow v14 Mermaid does not use any of the vulnerable code in CVE-2026-41907, but this allows users to silence any `npm audit` alerts on it. - [#​7633](https://redirect.github.com/mermaid-js/mermaid/pull/7633) [`9217c0d`](https://redirect.github.com/mermaid-js/mermaid/commit/9217c0d8b221b423af80e420b7adae901acf6c8c) Thanks [@​Felix-Garci](https://redirect.github.com/Felix-Garci)! - fix(block): add support for all arrow types in block diagrams - [#​7587](https://redirect.github.com/mermaid-js/mermaid/pull/7587) [`5e7eb62`](https://redirect.github.com/mermaid-js/mermaid/commit/5e7eb62e3aba6b5df559f5c839a868e5b7f40e72) Thanks [@​MaddyGuthridge](https://redirect.github.com/MaddyGuthridge)! - chore: drop lodash-es in favour of es-toolkit - [#​7693](https://redirect.github.com/mermaid-js/mermaid/pull/7693) [`afaf306`](https://redirect.github.com/mermaid-js/mermaid/commit/afaf3062381d115d66744413151b642f124dd9ba) Thanks [@​dull-bird](https://redirect.github.com/dull-bird)! - fix(quadrant-chart): allow CJK, emoji, Latin-1 accented characters, and other non-ASCII text in unquoted axis/quadrant/point labels. Previously the lexer only matched ASCII `[A-Za-z]+` for text tokens, even though the grammar referenced `UNICODE_TEXT`. Bare Chinese, Japanese, Korean, emoji, and accented Latin characters in labels caused a parse error. 
Added a `[^\x00-\x7F]+` lexer rule to emit `UNICODE_TEXT` and included it in the `alphaNumToken` grammar rule. Fixes [#​7120](https://redirect.github.com/mermaid-js/mermaid/issues/7120). - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`4755553`](https://redirect.github.com/mermaid-js/mermaid/commit/4755553d5fb6d1217809e43ffb8fc54d6a73e482) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: improve D3 types for mermaidAPI funcs - [#​7737](https://redirect.github.com/mermaid-js/mermaid/pull/7737) [`6476973`](https://redirect.github.com/mermaid-js/mermaid/commit/64769738d5b59211e1decb471ffbaca8afec51aa) Thanks [@​ashishjain0512](https://redirect.github.com/ashishjain0512)! - fix: handle `&` when namespacing CSS rules - [#​7520](https://redirect.github.com/mermaid-js/mermaid/pull/7520) [`8c1a0c1`](https://redirect.github.com/mermaid-js/mermaid/commit/8c1a0c1fd19587c6772d6966fe9d217e5cd1356c) Thanks [@​RodrigojndSantos](https://redirect.github.com/RodrigojndSantos)! - fix(stateDiagram): comments starting with one `%` are no longer treated as comments Switch to using two `%%` if you want to write a comment. - Updated dependencies \[[`7a8fb85`](https://redirect.github.com/mermaid-js/mermaid/commit/7a8fb8532c57ecc55b3711454ab0e505a4291445), [`675a64c`](https://redirect.github.com/mermaid-js/mermaid/commit/675a64ca0e3cde8728ca715991623c3fc055ce88)]: - [@​mermaid-js/parser](https://redirect.github.com/mermaid-js/parser)@​1.1.1 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - "" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. 
--- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
71f3e28fe5 | ci: Also lint json5 files (#37659) | ||
|
|
de290f2121 |
fix(templates): avoid misleading compare message when branches lack merge base (#37651)
## Summary When comparing branches with **no common merge base** (e.g. unrelated histories or orphan branches), `PageIsComparePull` is false and `CommitCount` is zero. The compare template still showed `repo.commits.nothing_to_compare`, which in German reads like the branches are identical—even though the flash already explains there is no merge base. ## Changes - **`templates/repo/diff/compare.tmpl`**: Only render the grey “nothing to compare” segment when `CompareInfo.CompareBase` is set. Fixes #37642 --------- Signed-off-by: Nicolas <bircni@icloud.com> |
||
|
|
8cd8291ed0 |
fix(deps): update npm dependencies (#37647)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | @​codemirror/autocomplete | [`6.20.1` → `6.20.2`](https://renovatebot.com/diffs/npm/@codemirror%2fautocomplete/6.20.1/6.20.2) |  |  | | @​codemirror/lint | [`6.9.5` → `6.9.6`](https://renovatebot.com/diffs/npm/@codemirror%2flint/6.9.5/6.9.6) |  |  | | @​codemirror/view | [`6.41.1` → `6.42.0`](https://renovatebot.com/diffs/npm/@codemirror%2fview/6.41.1/6.42.0) |  |  | | [vue](https://vuejs.org/) ([source](https://redirect.github.com/vuejs/core)) | [`3.5.33` → `3.5.34`](https://renovatebot.com/diffs/npm/vue/3.5.33/3.5.34) |  |  | --- ### Release Notes <details> <summary>vuejs/core (vue)</summary> ### [`v3.5.34`](https://redirect.github.com/vuejs/core/blob/HEAD/CHANGELOG.md#3534-2026-05-06) [Compare Source](https://redirect.github.com/vuejs/core/compare/v3.5.33...v3.5.34) ##### Bug Fixes - **compiler-sfc:** infer Vue ref wrapper types when source is unresolvable ([#​14758](https://redirect.github.com/vuejs/core/issues/14758)) ([7f46fd4](https://redirect.github.com/vuejs/core/commit/7f46fd411b4e3f75ca755ee1318ea8e9aff43f56)), closes [#​14729](https://redirect.github.com/vuejs/core/issues/14729) - **compiler-sfc:** preserve hash hrefs on `<image>` elements ([#​14756](https://redirect.github.com/vuejs/core/issues/14756)) ([090b2e3](https://redirect.github.com/vuejs/core/commit/090b2e3a5149ec951c5313b270e5400a1fc870ce)) - **compiler-sfc:** resolve type re-exports inside declare global ([#​14766](https://redirect.github.com/vuejs/core/issues/14766)) ([acfffe3](https://redirect.github.com/vuejs/core/commit/acfffe34e7724a84c21bb8e51e8a5bc0da35f350)) - **reactivity:** prevent orphan effect when created in a stopped scope ([#​14778](https://redirect.github.com/vuejs/core/issues/14778)) 
([c8e2d4a](https://redirect.github.com/vuejs/core/commit/c8e2d4adc9112d2529de0434acc1188dfc399bf4)), closes [#​14777](https://redirect.github.com/vuejs/core/issues/14777) - **runtime-core:** avoid symbol coercion during props validation ([#​8539](https://redirect.github.com/vuejs/core/issues/8539)) ([23d4fb5](https://redirect.github.com/vuejs/core/commit/23d4fb5a6a070df3d2d4a043f0f62c141e376095)), closes [#​8487](https://redirect.github.com/vuejs/core/issues/8487) - **suspense:** avoid DOM leak with out-in transition in v-if fragment ([#​14762](https://redirect.github.com/vuejs/core/issues/14762)) ([9667e0d](https://redirect.github.com/vuejs/core/commit/9667e0d498ab39273614682986a666c3e73024d9)), closes [#​14761](https://redirect.github.com/vuejs/core/issues/14761) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
2eb7b3c7da |
refactor: routing info middleware (#37653)
fix #37650 |
||
|
|
7621b65403 |
chore(deps): update action dependencies (major) (#37638)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | major | `2021.12.29` → `2025.7.23` | | [bitnamilegacy/minio](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/minio)) | service | major | `2023.12.23` → `2025.7.23` | | [bitnamilegacy/mysql](https://redirect.github.com/bitnami/containers) ([source](https://redirect.github.com/bitnami/containers/tree/HEAD/bitnami/mysql)) | service | major | `8.4` → `9.4` | --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
510b729212 |
fix(deps): update go dependencies (major) (#37639)
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [github.com/dlclark/regexp2](https://redirect.github.com/dlclark/regexp2) | `v1.12.0` → `v2.0.1` |  |  | | [github.com/google/go-github/v84](https://redirect.github.com/google/go-github) | `v84.0.0` → `v85.0.0` |  |  | | [gitlab.com/gitlab-org/api/client-go](https://gitlab.com/gitlab-org/api/client-go) | `v1.46.0` → `v2.24.1` |  |  | --- ### Release Notes <details> <summary>dlclark/regexp2 (github.com/dlclark/regexp2)</summary> ### [`v2.0.1`](https://redirect.github.com/dlclark/regexp2/compare/v2.0.0...v2.0.1) [Compare Source](https://redirect.github.com/dlclark/regexp2/compare/v2.0.0...v2.0.1) ### [`v2.0.0`](https://redirect.github.com/dlclark/regexp2/compare/v1.12.0...v2.0.0) [Compare Source](https://redirect.github.com/dlclark/regexp2/compare/v1.12.0...v2.0.0) </details> <details> <summary>google/go-github (github.com/google/go-github/v84)</summary> ### [`v85.0.0`](https://redirect.github.com/google/go-github/releases/tag/v85.0.0) [Compare Source](https://redirect.github.com/google/go-github/compare/v84.0.0...v85.0.0) This release contains the following breaking API changes: - fix!: Resolve inconsistent options for `create` and `update` on custom org role ([#​4075](https://redirect.github.com/google/go-github/issues/4075)) BREAKING CHANGE: `GetOrgRole`, `CreateCustomOrgRole`, and `UpdateCustomOrgRole` have new params and return values. - fix!: Change `id` from `int64` to `string` in `ActivityService.MarkThreadDone` ([#​4056](https://redirect.github.com/google/go-github/issues/4056)) BREAKING CHANGE: `ActivityService.MarkThreadDone` accepts `string` `id` instead of `int64`. 
...and the following additional changes: - chore: Bump version of go-github to v85.0.0 ([#​4173](https://redirect.github.com/google/go-github/issues/4173)) - chore: Update `openapi_operations.yaml` ([#​4172](https://redirect.github.com/google/go-github/issues/4172)) - security: Reject cross-host redirects to prevent Authorization leak ([#​4171](https://redirect.github.com/google/go-github/issues/4171)) - chore: Improve GitHub Actions workflows lint and testing ([#​4169](https://redirect.github.com/google/go-github/issues/4169)) - chore: Switch legacy redirect handling to new pattern ([#​4161](https://redirect.github.com/google/go-github/issues/4161)) - feat: Add `CodeSecurity` to `SecurityAndAnalysis` ([#​4155](https://redirect.github.com/google/go-github/issues/4155)) - fix: Reject URL path segments containing ".." in all request methods ([#​4150](https://redirect.github.com/google/go-github/issues/4150)) - feat: Refactor repositories download contents ([#​4153](https://redirect.github.com/google/go-github/issues/4153)) - chore: Bump google.org/x/tools to v0.44.0 in /tools ([#​4168](https://redirect.github.com/google/go-github/issues/4168)) - docs: Fix broken blog post link ([#​4160](https://redirect.github.com/google/go-github/issues/4160)) - build(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.3 to 2.0.6 in /example ([#​4156](https://redirect.github.com/google/go-github/issues/4156)) - chore: Update openapi\_operations.yaml ([#​4157](https://redirect.github.com/google/go-github/issues/4157)) - feat: Remove Google App Engine standard support ([#​4152](https://redirect.github.com/google/go-github/issues/4152)) - feat: Add `DownloadCopilotMetrics` helper method ([#​4149](https://redirect.github.com/google/go-github/issues/4149)) - docs: Add `apiVersion` to GitHub API link ([#​4147](https://redirect.github.com/google/go-github/issues/4147)) - chore: Simplify `redundantptr` custom linter 
([#​4148](https://redirect.github.com/google/go-github/issues/4148)) - docs: Deprecate old Copilot metrics endpoints closed on April 2, 2026 ([#​4137](https://redirect.github.com/google/go-github/issues/4137)) - refactor: Remove redundant `github.Ptr` calls ([#​4145](https://redirect.github.com/google/go-github/issues/4145)) - fix: Add missing `User` fields ([#​4146](https://redirect.github.com/google/go-github/issues/4146)) - fix: Preserve `Marketplace.Stubbed` during client copy ([#​4144](https://redirect.github.com/google/go-github/issues/4144)) - refactor: Simplify array copying ([#​4143](https://redirect.github.com/google/go-github/issues/4143)) - build(deps): Bump golang.org/x/crypto from 0.49.0 to 0.50.0 in /example ([#​4141](https://redirect.github.com/google/go-github/issues/4141)) - build(deps): Bump github.com/getkin/kin-openapi from 0.134.0 to 0.135.0 in /tools ([#​4142](https://redirect.github.com/google/go-github/issues/4142)) - build(deps): Bump golang.org/x/term from 0.41.0 to 0.42.0 in /example ([#​4140](https://redirect.github.com/google/go-github/issues/4140)) - build(deps): Bump golang.org/x/net from 0.52.0 to 0.53.0 in /scrape ([#​4139](https://redirect.github.com/google/go-github/issues/4139)) - build(deps): Bump go.opentelemetry.io/otel to v1.43.0 ([#​4135](https://redirect.github.com/google/go-github/issues/4135)) - fix: Expand `sanitizeURL` secrets redactions ([#​4126](https://redirect.github.com/google/go-github/issues/4126)) - build(deps): Bump github.com/alecthomas/kong from 1.14.0 to 1.15.0 in /tools ([#​4132](https://redirect.github.com/google/go-github/issues/4132)) - build(deps): Bump actions/setup-go from 6.3.0 to 6.4.0 in the actions group ([#​4131](https://redirect.github.com/google/go-github/issues/4131)) - feat: Add support for custom names and methods that return structs with multiple `[]*T` fields in `gen-iterators.go` ([#​4128](https://redirect.github.com/google/go-github/issues/4128)) - fix: Limit webhook payload size in 
`ValidatePayloadFromBody` ([#​4125](https://redirect.github.com/google/go-github/issues/4125)) - build(deps): Bump codecov/codecov-action from 5.5.3 to 6.0.0 ([#​4123](https://redirect.github.com/google/go-github/issues/4123)) - fix: Synchronize `requestCount` in rate limit tests ([#​4124](https://redirect.github.com/google/go-github/issues/4124)) - chore: Simplify `generate.sh` by removing `git worktree` and using generator-based check ([#​4120](https://redirect.github.com/google/go-github/issues/4120)) - docs: Improve comments in /examples ([#​4122](https://redirect.github.com/google/go-github/issues/4122)) - chore: Use `golangci-lint-action`; remove `newreposecretwithlibsodium` ([#​4119](https://redirect.github.com/google/go-github/issues/4119)) - feat: Add custom image endpoints for GitHub-hosted runners ([#​4101](https://redirect.github.com/google/go-github/issues/4101)) - chore: Cache custom golangci-lint binaries in GHA workflow ([#​4116](https://redirect.github.com/google/go-github/issues/4116)) - build(deps): Bump github.com/ProtonMail/go-crypto from 1.4.0 to 1.4.1 in /example ([#​4115](https://redirect.github.com/google/go-github/issues/4115)) - build(deps): Bump golang.org/x/tools from 0.29.0 to 0.43.0 in /tools/extraneous-new ([#​4114](https://redirect.github.com/google/go-github/issues/4114)) - build(deps): Bump codecov/codecov-action from 5.5.2 to 5.5.3 ([#​4112](https://redirect.github.com/google/go-github/issues/4112)) - build(deps): Bump github.com/golangci/plugin-module-register from 0.1.1 to 0.1.2 in /tools/extraneous-new ([#​4113](https://redirect.github.com/google/go-github/issues/4113)) - build(deps): Bump github.com/getkin/kin-openapi from 0.133.0 to 0.134.0 in /tools ([#​4111](https://redirect.github.com/google/go-github/issues/4111)) - build(deps): Bump github.com/PuerkitoBio/goquery from 1.11.0 to 1.12.0 in /scrape ([#​4110](https://redirect.github.com/google/go-github/issues/4110)) - chore: Upgrade deps for linters using dependabot 
([#​4107](https://redirect.github.com/google/go-github/issues/4107)) - chore: Use `structfield.Settings` in `check-structfield-settings` ([#​4108](https://redirect.github.com/google/go-github/issues/4108)) - build(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.3 in /example ([#​4109](https://redirect.github.com/google/go-github/issues/4109)) - chore: Remove unnecessary use of `new` and `&SomeStruct{}` and add new `extraneousnew` custom linter ([#​4106](https://redirect.github.com/google/go-github/issues/4106)) - feat: Add `NetworkConfigurationID` and `HostedRunnersURL` to enterprise runner group types ([#​4099](https://redirect.github.com/google/go-github/issues/4099)) - feat: Generate accessors for all fields ([#​4105](https://redirect.github.com/google/go-github/issues/4105)) - feat: Add `ListRunnerGroupHostedRunners` for org runner groups ([#​4100](https://redirect.github.com/google/go-github/issues/4100)) - chore: Enable `default: none` linters; remove duplicated ([#​4097](https://redirect.github.com/google/go-github/issues/4097)) - fix: Use `Cursor` pagination for `*.ListHookDeliveriesIter` ([#​4096](https://redirect.github.com/google/go-github/issues/4096)) - chore: Remove duplicated formatters ([#​4094](https://redirect.github.com/google/go-github/issues/4094)) - chore: Fix typos in comments and tests ([#​4093](https://redirect.github.com/google/go-github/issues/4093)) - chore: Fix typo in CONTRIBUTING.md ([#​4092](https://redirect.github.com/google/go-github/issues/4092)) - chore: Update openapi\_operations.yaml ([#​4091](https://redirect.github.com/google/go-github/issues/4091)) - build(deps): Bump github.com/bradleyfalzon/ghinstallation/v2 from 2.17.0 to 2.18.0 in /example ([#​4084](https://redirect.github.com/google/go-github/issues/4084)) - chore: Bump go.opentelemetry.io/otel to v1.42.0 ([#​4090](https://redirect.github.com/google/go-github/issues/4090)) - build(deps): Bump golang.org/x/crypto from 0.48.0 to 0.49.0 in /example 
([#​4081](https://redirect.github.com/google/go-github/issues/4081)) - build(deps): Bump golang.org/x/sync from 0.19.0 to 0.20.0 in /tools ([#​4078](https://redirect.github.com/google/go-github/issues/4078)) - build(deps): Bump golang.org/x/net from 0.51.0 to 0.52.0 in /scrape ([#​4079](https://redirect.github.com/google/go-github/issues/4079)) - test: Add fuzz test for `ParseWebHook` ([#​4076](https://redirect.github.com/google/go-github/issues/4076)) - feat: Add enterprise budgets API ([#​4069](https://redirect.github.com/google/go-github/issues/4069)) - feat: Add list organization fine-grained permissions ([#​4072](https://redirect.github.com/google/go-github/issues/4072)) - feat: Make `script/lint.sh` output simpler to read ([#​4073](https://redirect.github.com/google/go-github/issues/4073)) - chore: Speed up linting ([#​4071](https://redirect.github.com/google/go-github/issues/4071)) - build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.41.0 in /otel ([#​4065](https://redirect.github.com/google/go-github/issues/4065)) - build(deps): Bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 in /otel ([#​4068](https://redirect.github.com/google/go-github/issues/4068)) - build(deps): Bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace from 1.40.0 to 1.41.0 in /example ([#​4062](https://redirect.github.com/google/go-github/issues/4062)) - build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.41.0 in /example ([#​4064](https://redirect.github.com/google/go-github/issues/4064)) - build(deps): Bump github.com/ProtonMail/go-crypto from 1.3.0 to 1.4.0 in /example ([#​4063](https://redirect.github.com/google/go-github/issues/4063)) - feat: Add `client_id` field to `App` ([#​4060](https://redirect.github.com/google/go-github/issues/4060)) - test: Simplify `CopilotService` tests ([#​4058](https://redirect.github.com/google/go-github/issues/4058)) - test: Fix flaky `TestDo_rateLimit_abuseRateLimitError_xRateLimitReset` 
([#​4057](https://redirect.github.com/google/go-github/issues/4057)) - feat: Add support for enterprise audit log streaming API ([#​4035](https://redirect.github.com/google/go-github/issues/4035)) - feat: Add repository-level immutable releases settings ([#​4039](https://redirect.github.com/google/go-github/issues/4039)) - chore: Add `SAS` as a common initialism to `structfield` ([#​4054](https://redirect.github.com/google/go-github/issues/4054)) - fix: Fix data race on Windows ([#​4051](https://redirect.github.com/google/go-github/issues/4051)) - docs: Fix grammar in `README.md` ([#​4053](https://redirect.github.com/google/go-github/issues/4053)) - chore: Simplify form value assertions in tests ([#​4048](https://redirect.github.com/google/go-github/issues/4048)) - chore: Bump go-github from v83 to v84 in /scrape ([#​4050](https://redirect.github.com/google/go-github/issues/4050)) </details> <details> <summary>gitlab-org/api/client-go (gitlab.com/gitlab-org/api/client-go)</summary> ### [`v2.24.1`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.24.1) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.24.0...v2.24.1) #### 2.24.1 ##### 🐛 Bug Fixes - fix: add FormattedText field to OrbitGraphStatus and OrbitStatus ([!2876](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2876)) by [Dmitry Gruzd](https://gitlab.com/dgruzd) #### [2.24.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.24.0...v2.24.1) (2026-05-05) ##### Bug Fixes * add FormattedText field to OrbitGraphStatus and OrbitStatus ([9457ddc](https://gitlab.com/gitlab-org/api/client-go/commit/9457ddc690600ea50953bfb8df632ac0b39cd90c)) ### [`v2.24.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.24.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.23.0...v2.24.0) #### 2.24.0 ##### 🚀 Features - feat: Add search_type as attribute to search endpoints ([!2851](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2851)) by [Heidi 
Berry](https://gitlab.com/heidi.berry) ### [2.24.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.23.0...v2.24.0) (2026-05-04) ##### Features * Add search_type as attribute to search endpoints ([4d345e9](https://gitlab.com/gitlab-org/api/client-go/commit/4d345e9f76af8ebd016d3d55fbe039250a1fafb4)) ### [`v2.23.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.23.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.22.0...v2.23.0) #### 2.23.0 ##### 🚀 Features - feat: add OrbitService for Knowledge Graph endpoints ([!2870](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2870)) by [Dmitry Gruzd](https://gitlab.com/dgruzd) ##### 🔄 Other Changes - chore(deps): update module buf.build/go/protovalidate to v1.2.0 ([!2865](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2865)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.23.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.22.0...v2.23.0) (2026-05-04) ##### Features * add OrbitService for Knowledge Graph endpoints ([2ff460f](https://gitlab.com/gitlab-org/api/client-go/commit/2ff460f3a809e3ad9f2065b0144dfcb4d4f5e6d3)) ### [`v2.22.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.22.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.21.0...v2.22.0) #### 2.22.0 ##### 🚀 Features - Add package pipeline data. 
([!2834](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2834)) by [Jimmy Spagnola](https://gitlab.com/jspagnola) ##### 🔄 Other Changes - chore(deps): update module golang.org/x/text to v0.36.0 ([!2874](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2874)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golang docker tag ([!2873](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2873)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update docker docker tag to v29.4.1 ([!2869](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2869)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor(no-release): use HTTP status code constants ([!2868](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2868)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [2.22.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.21.0...v2.22.0) (2026-05-04) ### [`v2.21.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.21.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.1...v2.21.0) #### 2.21.0 ##### 🚀 Features - Add BulkImports API functions and tests ([!2846](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2846)) by [Kalyaan Kanugula](https://gitlab.com/kalyaan09) ##### 🔄 Other Changes - Add missing `URLVariables` attribute to group_hooks ([!2866](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2866)) by [Mark Nessen](https://gitlab.com/mness) - docs: fix incorrect phrase 'to that' -> 'so' ([!2861](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2861)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - docs: fix missing 'of' in contributing guide ([!2860](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2860)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - style: remove duplicated wording in Go version sentence 
([!2859](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2859)) by [Bob Singh](https://gitlab.com/bobsingh.dev) ### [2.21.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.1...v2.21.0) (2026-04-27) ### [`v2.20.1`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#2210-2026-04-27) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) #### 2.20.1 ##### 🐛 Bug Fixes - Fix potential panic in MergeRequest.UnmarshalJSON label detail loop ([!2858](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2858)) by [Zubeen](https://gitlab.com/syedzubeen) #### [2.20.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) (2026-04-20) #### 2.20.0 ##### 🚀 Features - Add missing system hook api options ([!2847](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2847)) by [Zack Knight](https://gitlab.com/zachkknowbe4) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.4.0 ([!2854](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2854)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module github.com/google/cel-go to v0.28.0 ([!2855](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2855)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.20.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#2210-2026-04-27) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.19.0...v2.20.0) #### 2.20.1 ##### 🐛 Bug Fixes - Fix potential panic in MergeRequest.UnmarshalJSON label detail loop ([!2858](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2858)) by [Zubeen](https://gitlab.com/syedzubeen) #### [2.20.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.20.0...v2.20.1) (2026-04-20) #### 2.20.0 ##### 🚀 Features - Add missing system hook api options 
([!2847](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2847)) by [Zack Knight](https://gitlab.com/zachkknowbe4) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.4.0 ([!2854](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2854)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module github.com/google/cel-go to v0.28.0 ([!2855](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2855)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.19.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.19.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.18.0...v2.19.0) #### 2.19.0 ##### 🚀 Features - feat: Add PackageRegistryAccessLevel to Project structs ([!2852](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2852)) by [Caleb Madara](https://gitlab.com/calebmadara58) ### [2.19.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.18.0...v2.19.0) (2026-04-15) ##### Features * Add PackageRegistryAccessLevel to Project structs ([4ce63da](https://gitlab.com/gitlab-org/api/client-go/commit/4ce63da9528e6e0da40fd7240a41236a385d7bfe)) ### [`v2.18.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.18.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.17.0...v2.18.0) #### 2.18.0 ##### 🚀 Features - Feat: Add support for application setting secret_push_protection_available ([!2849](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2849)) by [Rizart Dona](https://gitlab.com/rizart_d) ##### 🔄 Other Changes - fix: Correct Example Section in README ([!2850](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2850)) by [Jonathan Bowe](https://gitlab.com/boweflex) ### [2.18.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.17.0...v2.18.0) (2026-04-14) ##### Bug Fixes * Correct Example Section in README 
([c0759d9](https://gitlab.com/gitlab-org/api/client-go/commit/c0759d99b2eefbd4501a0e960530ee5a73ec0084)) ### [`v2.17.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.17.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.16.0...v2.17.0) #### 2.17.0 ##### 🚀 Features - Resolve "Add endpoint support for archiving/unarchiving groups" ([!2848](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2848)) by [Jonathan Bowe](https://gitlab.com/boweflex) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.3.1 ([!2841](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2841)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(no-release): enable gocritic linter ([!2842](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2842)) by [Oleksandr Redko](https://gitlab.com/alexandear) - chore(deps): update module golang.org/x/oauth2 to v0.36.0 ([!2835](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2835)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update module golang.org/x/text to v0.35.0 ([!2837](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2837)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.17.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.16.0...v2.17.0) (2026-04-10) ### [`v2.16.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.16.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.15.0...v2.16.0) #### 2.16.0 ##### 🚀 Features - feat: Add PagesUniqueDomainDefaultEnabled to Settings API ([!2845](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2845)) by [Mohamed Mongy](https://gitlab.com/mohamedmongy96) ### [2.16.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.15.0...v2.16.0) (2026-04-04) ##### Features * Add PagesUniqueDomainDefaultEnabled to Settings API 
([d27f3af](https://gitlab.com/gitlab-org/api/client-go/commit/d27f3af69ae8569117c51f716d00b3b116e9f88c)) ### [`v2.15.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.15.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.14.0...v2.15.0) #### 2.15.0 ##### 🚀 Features - feat: Add approved_at field in merge request approvals API ([!2844](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2844)) by [Mohamed Asan N](https://gitlab.com/hassyyy) ### [2.15.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.14.0...v2.15.0) (2026-04-04) ##### Features * Add approved_at field in merge request approvals API ([528ac9e](https://gitlab.com/gitlab-org/api/client-go/commit/528ac9ea36377454fcae3cd7eb27b9d47f69a1cd)) ### [`v2.14.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.14.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.13.0...v2.14.0) #### 2.14.0 ##### 🚀 Features - feat: add support for DisablePasswordAuthenticationForUsersWithSSOIdentities... ([!2839](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2839)) by [Lorenz Vonlanthen](https://gitlab.com/loelu) ### [2.14.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.13.0...v2.14.0) (2026-04-03) ##### Features * add support for DisablePasswordAuthenticationForUsersWithSSOIdentities... 
([6b88f05](https://gitlab.com/gitlab-org/api/client-go/commit/6b88f05609dfc6861da406b205fe1c2750c0b3e8)) ### [`v2.13.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.13.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.12.0...v2.13.0) #### 2.13.0 ##### 🚀 Features - feat: Added WithAuthSourceStrategy option to allow configuring multiple token source priority ([!2815](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2815)) by [Павлов Александр](https://gitlab.com/alexpts) ### [2.13.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.12.0...v2.13.0) (2026-04-01) ##### Features * Added WithAuthSourceStrategy option to allow configuring multiple token source priority ([2261c80](https://gitlab.com/gitlab-org/api/client-go/commit/2261c80c289d94a0053997f203544847bc961f12)) ### [`v2.12.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.12.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.11.0...v2.12.0) #### 2.12.0 ##### 🚀 Features - fix: update HostKey field name to FingerprintSHA256 for consistency ([!2840](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2840)) by [Oleksandr Redko](https://gitlab.com/alexandear) - Add push mirror host_keys to the go client. 
([!2832](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2832)) by [Jimmy Spagnola](https://gitlab.com/jspagnola) ##### 🔄 Other Changes - Fix: improve URL validation warning logging context and correct typo ([!2830](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2830)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - chore(no-release): fix typos in comments and unexported function ([!2831](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2831)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [2.12.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.11.0...v2.12.0) (2026-04-01) ##### Bug Fixes * update HostKey field name to FingerprintSHA256 for consistency ([1b7fcfb](https://gitlab.com/gitlab-org/api/client-go/commit/1b7fcfb0ed002b007b8cadcc8e81ba529e48705b)) ### [`v2.11.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.11.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.10.0...v2.11.0) #### 2.11.0 ##### 🚀 Features - Deprecate project approval password auth, add reauth to approve ([!2825](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2825)) by [Heidi Berry](https://gitlab.com/heidi.berry) ##### 🔄 Other Changes - Fix typo in UpdateLabel comment ([!2827](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2827)) by [Bob Singh](https://gitlab.com/bobsingh.dev) - Fix runner comment typo ([!2828](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2828)) by [Bob Singh](https://gitlab.com/bobsingh.dev) ### [2.11.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.10.0...v2.11.0) (2026-03-30) ### [`v2.10.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1380-2026-02-19) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.9.0...v2.10.0) ##### Features - **events:** Add missing parameters for label operations and update documentation links 
([11b9f08](https://gitlab.com/gitlab-org/api/client-go/commit/11b9f08b37a4c2ada9413259282f163f28b94051)) - **labels:** add missing params and edit links ([ec1b92b](https://gitlab.com/gitlab-org/api/client-go/commit/ec1b92bff403c10446ab1ff6566a3a638871bb7e)) #### 1.37.0 ##### 🚀 Features - Support system & system\_action fields for merge event attributes ([!2737](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2737)) by [Artem Mikheev](https://gitlab.com/renbou) ##### 🔄 Other Changes - Update links of geo\_sites.go ([!2782](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2782)) by [Mohamed Mongy](https://gitlab.com/mohamedmongy96) - chore(deps): update dependency golangci-lint to v2.10.1 ([!2770](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2770)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.10.1 ([!2771](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2771)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.10.0 ([!2769](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2769)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update dependency golangci-lint to v2.10.0 ([!2768](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2768)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.9.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1330-2026-02-13) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.8.0...v2.9.0) #### 1.32.0 ##### 🚀 Features - Implement endpoints for runner controller scopes ([!2758](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2758)) by [Timo Furrer](https://gitlab.com/timofurrer) ##### 🔄 Other Changes - test(namespaces): Address test feedback to simplify the test 
([!2744](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2744)) by [Patrick Rice](https://gitlab.com/PatrickRice) - chore(deps): update golangci/golangci-lint docker tag to v2.9.0 ([!2755](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2755)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update dependency golangci-lint to v2.9.0 ([!2754](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2754)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.8.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#1130-2026-01-12) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.7.0...v2.8.0) ##### Features - **groups:** add Active parameter to ListGroupProjects ([dec511a](https://gitlab.com/gitlab-org/api/client-go/commit/dec511a199b0adb7ba87f5a02a50651049b68b71)) #### 1.12.0 ##### 🚀 Features - feat: add EmojiEvents field support to Project Webhooks ([!2653](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2653)) by [Yugan](https://gitlab.com/yugannkt) ##### 🔄 Other Changes - chore(deps): update dependency golangci-lint to v2.8.0 ([!2650](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2650)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor(no-release): use errors.New instead of fmt.Errorf ([!2644](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2644)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [`v2.7.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#170-2025-12-06) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.6.0...v2.7.0) ##### Features - **users:** Add support for a user to see only one file diff per page ([e2a9e09](https://gitlab.com/gitlab-org/api/client-go/commit/e2a9e09e79e7949e0b19dcfc97e3b7b533541856)) #### 1.6.0 ##### 🚀 Features - feat: add admin compliance policy settings API 
([!2610](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2610)) by [Hannes Lange](https://gitlab.com/hlange4) ##### 🔄 Other Changes - doc: fix typo ([!2603](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2603)) by [Guilhem Bonnefille](https://gitlab.com/gbonnefille) - chore(deps): update golangci/golangci-lint docker tag to v2.7.1 ([!2611](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2611)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update docker docker tag to v29.1.2 ([!2609](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2609)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(deps): update golangci/golangci-lint docker tag to v2.7.0 ([!2608](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2608)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [`v2.6.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#01590-2025-11-04) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.5.0...v2.6.0) ##### Features - **integrations:** add group integration API endpoints for Jira ([09e18ee](https://gitlab.com/gitlab-org/api/client-go/commit/09e18ee598bb7805ac8221f6a05426b1785f9011)) #### 0.158.0 ##### 🚀 Features - Add support to send variables for GraphQL queries ([!2562](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2562)) by [rafasf](https://gitlab.com/rafasf) ##### 🔄 Other Changes - chore(deps): update module cel.dev/expr to v0.25.0 ([!2560](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2560)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - chore(no-release): standardize GitLab name capitalization ([!2551](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2551)) by [Zubeen](https://gitlab.com/syedzubeen) - chore(deps): update golangci/golangci-lint docker tag to v2.6.0 
([!2558](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2558)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - refactor: moved comments to interface 2 ([!2557](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2557)) by [Zubeen](https://gitlab.com/syedzubeen) - refactor: moved comments to interface ([!2556](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2556)) by [Zubeen](https://gitlab.com/syedzubeen) - refactor(test): avoid panic in tests with goroutines ([!2553](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2553)) by [Oleksandr Redko](https://gitlab.com/alexandear) ### [`v2.5.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.5.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.4.0...v2.5.0) #### 2.5.0 ##### 🚀 Features - feat(workitems): Implement `UpdateWorkItem()` ([!2793](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2793)) by [Carlos Corona](https://gitlab.com/ccorona2) ##### 🔄 Other Changes - chore(deps): update dependency golangci-lint to v2.11.2 ([!2810](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2810)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) - test(no-release): replace reflect.DeepEqual with testify ([!2809](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2809)) by [Oleksandr Redko](https://gitlab.com/alexandear) - feat: allow OAuth success callback page to self-close when possible ([!2808](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2808)) by [Case Taintor](https://gitlab.com/case.taintor) - chore(deps): update dependency golangci-lint to v2.11.1 ([!2806](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2806)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.5.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.4.0...v2.5.0) (2026-03-09) ##### Features * allow OAuth success callback page to 
self-close when possible ([dca2e12](https://gitlab.com/gitlab-org/api/client-go/commit/dca2e12095fe0c2f185784469a8ea904db1a1be5)) * **workitems:** Implement `UpdateWorkItem()` ([b93a55e](https://gitlab.com/gitlab-org/api/client-go/commit/b93a55e316ae95db3d23ff404c46c081db0ad3c7)) ### [`v2.4.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.4.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.3.0...v2.4.0) #### 2.4.0 ##### 🚀 Features - Reflect latest runner controller API changes ([!2803](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2803)) by [Timo Furrer](https://gitlab.com/timofurrer) ##### 🔄 Other Changes - chore(deps): update docker docker tag to v29.3.0 ([!2804](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2804)) by [GitLab Dependency Bot](https://gitlab.com/gitlab-dependency-update-bot) ### [2.4.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.3.0...v2.4.0) (2026-03-06) ### [`v2.3.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.3.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.1...v2.3.0) #### 2.3.0 ##### 🚀 Features - feat: add new endpoint for fetching all the runner manager information ([!2802](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2802)) by [Aayush](https://gitlab.com/Aayush-Saini) ### [2.3.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.1...v2.3.0) (2026-03-05) ##### Features * add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) ### [`v2.2.1`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#230-2026-03-05) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) ##### Features - add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) #### 
2.2.1 ##### 🐛 Bug Fixes - fix: Add `/v2` suffix to module path. ([!2801](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2801)) by [Florian Forster](https://gitlab.com/fforster) #### [2.2.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) (2026-03-04) ##### Bug Fixes - Add `/v2` suffix to module path. ([4237f6a](https://gitlab.com/gitlab-org/api/client-go/commit/4237f6aa292dd8a8eeeca64adeac1a1f121293a6)), closes [#​2239](https://gitlab.com/gitlab-org/api/client-go/issues/2239) #### 2.2.0 ##### 🚀 Features - feat(workitems): Implement `CreateWorkItem()`. ([!2751](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2751)) by [Florian Forster](https://gitlab.com/fforster) ### [`v2.2.0`](https://gitlab.com/gitlab-org/api/client-go/blob/HEAD/CHANGELOG.md#230-2026-03-05) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.1.0...v2.2.0) ##### Features - add new endpoint for fetching all the runner manager information ([d4755b7](https://gitlab.com/gitlab-org/api/client-go/commit/d4755b7966efe4d0c9c7c849f4918d8f21e92163)) #### 2.2.1 ##### 🐛 Bug Fixes - fix: Add `/v2` suffix to module path. ([!2801](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2801)) by [Florian Forster](https://gitlab.com/fforster) #### [2.2.1](https://gitlab.com/gitlab-org/api/client-go/compare/v2.2.0...v2.2.1) (2026-03-04) ##### Bug Fixes - Add `/v2` suffix to module path. ([4237f6a](https://gitlab.com/gitlab-org/api/client-go/commit/4237f6aa292dd8a8eeeca64adeac1a1f121293a6)), closes [#​2239](https://gitlab.com/gitlab-org/api/client-go/issues/2239) #### 2.2.0 ##### 🚀 Features - feat(workitems): Implement `CreateWorkItem()`. 
([!2751](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2751)) by [Florian Forster](https://gitlab.com/fforster) ### [`v2.1.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.1.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v2.0.0...v2.1.0) #### 2.1.0 ##### 🚀 Features - feat(workitems): Add more fields to WorkItem ([!2795](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2795)) by [Florian Forster](https://gitlab.com/fforster) ##### 🔄 Other Changes - Implement body preserver to enable HTTP response body streaming ([!2746](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2746)) by [Timo Furrer](https://gitlab.com/timofurrer) ### [2.1.0](https://gitlab.com/gitlab-org/api/client-go/compare/v2.0.0...v2.1.0) (2026-03-03) ##### Features * **workitems:** Add more fields to WorkItem ([7088f6f](https://gitlab.com/gitlab-org/api/client-go/commit/7088f6f22945efd7b87a473e0e5ec9dade34c811)) ### [`v2.0.0`](https://gitlab.com/gitlab-org/api/client-go/tags/v2.0.0) [Compare Source](https://gitlab.com/gitlab-org/api/client-go/compare/v1.46.0...v2.0.0) #### 2.0.0 ##### 💥 Breaking Changes - Release client-go 2.0 ([!2763](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2763)) by [Patrick Rice](https://gitlab.com/PatrickRice) ##### 🔄 Other Changes - Addtl 2 0 changes ([!2796](https://gitlab.com/gitlab-org/api/client-go/-/merge_requests/2796)) by [Patrick Rice](https://gitlab.com/PatrickRice) ### [2.0.0](https://gitlab.com/gitlab-org/api/client-go/compare/v1.46.0...v2.0.0) (2026-03-02) * Release client-go 2.0 ([47b65ee](https://gitlab.com/gitlab-org/api/client-go/commit/47b65ee9079e2cdb328eb381a7b9bd1ef6801dd0)) ##### Bug Fixes * **ci:** update gocover-cobertura to v1.4.0 for Go 1.24+ compatibility ([1d03b20](https://gitlab.com/gitlab-org/api/client-go/commit/1d03b20802fb2fcb64e5c7a322bbea7b475fd11c)) * **group_members:** using ISOTime instead of time.Time for BillableUserMembership.ExpiresAt 
([e7e58c6](https://gitlab.com/gitlab-org/api/client-go/commit/e7e58c69c1c22c91aa75f85816dd835e0163b839)) * package protection access level variable type ([5574bbb](https://gitlab.com/gitlab-org/api/client-go/commit/5574bbbf2f63b47d67ddfbf98528a3f1bad8e3c3)) * **workitems:** Handle absent status widget in `WorkItem`. ([859fb26](https://gitlab.com/gitlab-org/api/client-go/commit/859fb26f2896ae803343366ad575656a8b7aafad)) ##### Features * use Nullable[int64] for label priority ([096ed09](https://gitlab.com/gitlab-org/api/client-go/commit/096ed098d18dd1e5445bf5d9a953290f2b08a6dc)) ##### BREAKING CHANGES * Release 2.0 </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - Only on Monday (`* * * * 1`) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate). --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
b29af98a36 |
ci(renovate): update Go import paths on major bumps (#37641)
Enable `gomodUpdateImportPaths` so Renovate rewrites import paths (e.g. `foo/v2` → `foo/v3`) across the repo when bumping Go modules across major versions. --- This PR was written with the help of Claude Opus 4.7 Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
5d87a70af9 |
fix(packages): Add label for private and internal package and fix Composer package source permission check (#37610)
- Add permission checks for Composer package source links
- Add private/internal visibility labels for packages, similar to repository visibility labels
- Add a link to change package visibility
- Update link package descriptions
---------
Co-authored-by: Nicolas <bircni@icloud.com>
Co-authored-by: silverwind <me@silverwind.io>
|
||
|
|
5dc9d621fd |
refactor: replace Fomantic search module with first-party code (#37443)
- Replace fomantic `search` code with minimal first-party code
- Added a small fix to vertically align search box and search button
- Manually tested all search forms.
- Add `errorName` helper, similar to `errorMessage`.
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
|
||
|
|
a603f89fce |
fix(deps): update npm dependencies (#37636)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| [@typescript-eslint/parser](https://typescript-eslint.io/packages/parser) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser)) | [`8.59.1` → `8.59.2`](https://renovatebot.com/diffs/npm/@typescript-eslint%2fparser/8.59.1/8.59.2) |  |  |
| [eslint-plugin-vue](https://eslint.vuejs.org) ([source](https://redirect.github.com/vuejs/eslint-plugin-vue)) | [`10.9.0` → `10.9.1`](https://renovatebot.com/diffs/npm/eslint-plugin-vue/10.9.0/10.9.1) |  |  |
| [jiti](https://redirect.github.com/unjs/jiti) | [`2.6.1` → `2.7.0`](https://renovatebot.com/diffs/npm/jiti/2.6.1/2.7.0) |  |  |
| [postcss](https://postcss.org/) ([source](https://redirect.github.com/postcss/postcss)) | [`8.5.13` → `8.5.14`](https://renovatebot.com/diffs/npm/postcss/8.5.13/8.5.14) |  |  |
| [stylelint](https://stylelint.io) ([source](https://redirect.github.com/stylelint/stylelint)) | [`17.10.0` → `17.11.0`](https://renovatebot.com/diffs/npm/stylelint/17.10.0/17.11.0) |  |  |
| [typescript-eslint](https://typescript-eslint.io/packages/typescript-eslint) ([source](https://redirect.github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)) | [`8.59.1` → `8.59.2`](https://renovatebot.com/diffs/npm/typescript-eslint/8.59.1/8.59.2) |  |  |
| [updates](https://redirect.github.com/silverwind/updates) | [`17.16.8` → `17.16.9`](https://renovatebot.com/diffs/npm/updates/17.16.8/17.16.9) |  |  |
---
### Release Notes
<details>
<summary>typescript-eslint/typescript-eslint (@typescript-eslint/parser)</summary>
### [`v8.59.2`](https://redirect.github.com/typescript-eslint/typescript-eslint/blob/HEAD/packages/parser/CHANGELOG.md#8592-2026-05-04)
[Compare Source](https://redirect.github.com/typescript-eslint/typescript-eslint/compare/v8.59.1...v8.59.2)
This was a version bump only for parser to align it with other projects,
there were no code changes.
See [GitHub
Releases](https://redirect.github.com/typescript-eslint/typescript-eslint/releases/tag/v8.59.2)
for more information.
You can read about our [versioning
strategy](https://typescript-eslint.io/users/versioning) and
[releases](https://typescript-eslint.io/users/releases) on our website.
</details>
<details>
<summary>vuejs/eslint-plugin-vue (eslint-plugin-vue)</summary>
### [`v10.9.1`](https://redirect.github.com/vuejs/eslint-plugin-vue/blob/HEAD/CHANGELOG.md#1091)
[Compare Source](https://redirect.github.com/vuejs/eslint-plugin-vue/compare/v10.9.0...v10.9.1)
##### Patch Changes
- Updated peer dependency version for
[`vue-eslint-parser`](https://redirect.github.com/vuejs/vue-eslint-parser)
to fix parsing errors in Vue SFCs
([#​3075](https://redirect.github.com/vuejs/eslint-plugin-vue/pull/3075))
</details>
<details>
<summary>unjs/jiti (jiti)</summary>
### [`v2.7.0`](https://redirect.github.com/unjs/jiti/blob/HEAD/CHANGELOG.md#v270)
[Compare Source](https://redirect.github.com/unjs/jiti/compare/v2.6.1...v2.7.0)
[compare changes](https://redirect.github.com/unjs/jiti/compare/v2.6.1...v2.7.0)
##### 🚀 Enhancements
- Add explicit resource management (using/await using) support
([#​422](https://redirect.github.com/unjs/jiti/pull/422))
- Support opt-in `tsconfigPaths`
([#​427](https://redirect.github.com/unjs/jiti/pull/427))
- Support virtual modules option
([#​428](https://redirect.github.com/unjs/jiti/pull/428))
- Add `jiti/static` export
([#​430](https://redirect.github.com/unjs/jiti/pull/430))
##### 🔥 Performance
- **interopDefault:** Add caching to reduce proxy overhead by \~2x
([#​421](https://redirect.github.com/unjs/jiti/pull/421))
##### 🩹 Fixes
- **require:** Passthrough resolve options
([#​412](https://redirect.github.com/unjs/jiti/pull/412))
- **ci:** Skip `--coverage` flag for node 18
([fe264b4](https://redirect.github.com/unjs/jiti/commit/fe264b4))
- **require:** Fallback to transpilation when `tryNative` fails
([#​413](https://redirect.github.com/unjs/jiti/pull/413))
- Fallback for `ENAMETOOLONG` when evaluating esm
([#​429](https://redirect.github.com/unjs/jiti/pull/429))
##### 📦 Build
- Upgrade rspack
([55194fb](https://redirect.github.com/unjs/jiti/commit/55194fb))
- Experimental rolldown config
([8c0243f](https://redirect.github.com/unjs/jiti/commit/8c0243f))
##### 🏡 Chore
- Fix lint issues
([4045c7a](https://redirect.github.com/unjs/jiti/commit/4045c7a))
- Update deps
([e88ac44](https://redirect.github.com/unjs/jiti/commit/e88ac44))
- Update deps
([498e8d7](https://redirect.github.com/unjs/jiti/commit/498e8d7))
- Add missing prettier dep
([650bc48](https://redirect.github.com/unjs/jiti/commit/650bc48))
- Lint ([058d91a](https://redirect.github.com/unjs/jiti/commit/058d91a))
- Init agents.md
([c49c54e](https://redirect.github.com/unjs/jiti/commit/c49c54e))
- Update agents.md
([4deba16](https://redirect.github.com/unjs/jiti/commit/4deba16))
- Update deps
([
|
||
|
|
e1f0f9e896 |
fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 (#37637)
This PR contains the following updates:
| Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) |
|---|---|---|---|
| code.gitea.io/sdk/gitea | `v0.24.1` → `v0.25.0` |  |  |
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
  - Only on Monday (`* * * * 1`)
- Automerge
  - At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate).
|
||
|
|
67f86bc3fe |
feat(api): add last_sync to repository API (#37566)
This PR adds a new repository API field, `mirror_last_sync_at`, to expose the timestamp of the last successful pull mirror sync. Unlike `mirror_updated`, this field does not affect mirror scheduling and is updated only after a successful pull sync. Failed sync attempts leave the value unchanged.
What changed
- added `mirror_last_sync_at` to the repository API response
- updated pull mirror sync flow to persist the timestamp only on successful sync
- kept `mirror_updated` behavior unchanged for queue/scheduling purposes
`mirror_updated` is currently tied to mirror queue behavior, so it cannot safely represent the last successful sync time. The new field makes that state explicit for API consumers without changing scheduling semantics.
---------
Signed-off-by: pomidorry <106489913+Pomidorry@users.noreply.github.com>
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
|
||
|
|
c78c84c3ca |
test(e2e): run playwright via container (#37300)
Enable running playwright tests on unsupported platforms as well Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
a61598884f |
feat(editor): broaden language detection in web code editor (#37619)
Use https://github.com/github-linguist/linguist/blob/main/lib/linguist/languages.yml to substantially improve syntax highlighting in Codemirror. File is generated on-demand only. Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> |
||
|
|
0a3aaeafe7 |
refactor(log): replace log.Critical with log.Error (#37624)
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> |
||
|
|
093c9e8ee6 |
fix: "run as root" check (#37622)
Remove the hacky and fragile `sed os.Getuid()` patch. |
||
|
|
ce089f498b |
fix: improve actions status icons and texts (#37206)
Action runs, jobs and steps have 8 statuses but the UI only showed 5
(from the commit status api) for the latter two. Align all 8 to GitHub
as closely as possible:
- waiting — `octicon-circle` (hollow circle), gray
- blocked — `octicon-blocked` (slashed circle), yellow
- running — `gitea-running` (rotating spinner), yellow
- cancelled — `octicon-stop` (gray), was `octicon-x` (red)
Descriptions also aligned with GitHub:
- "Has started running" → "In progress"
- "Has been cancelled" → "Cancelled after {dur}"
- "Has been skipped" → "Skipped"
Fixes: https://github.com/go-gitea/gitea/issues/32228
---------
Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>
|
||
|
|
a5d81d9ce2 |
perf: replace goheader linter with custom check (#37599)
Replace the [slow `goheader` linter](https://github.com/denis-tingaikin/go-header/issues/70) with a custom check. Local go lint time is down from 247s to 32s. 6 new files that were previously undetected because of `//go:build ignore` are fixed. The exit code of the make target preserves the golangci-lint exit code, if present. Also refactors and consolidates the linting targets. Signed-off-by: silverwind <me@silverwind.io> Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> |
||
|
|
73c0239f94 |
build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#37616)
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.1.0 to 3.1.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/fastify/fast-uri/releases">fast-uri's releases</a>.</em></p> <blockquote> <h2>v3.1.2</h2> <h2>⚠️ Security Release</h2> <ul> <li>Fix for <a href="https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc">https://github.com/fastify/fast-uri/security/advisories/GHSA-v39h-62p7-jpjc</a></li> </ul> <h2>What's Changed</h2> <ul> <li>Handle malformed fragment decoding as a parse error by <a href="https://github.com/mcollina"><code>@mcollina</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/171">fastify/fast-uri#171</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2">https://github.com/fastify/fast-uri/compare/v3.1.1...v3.1.2</a></p> <h2>v3.1.1</h2> <h2>⚠️ Security Release</h2> <ul> <li>Fix for <a href="https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6">https://github.com/fastify/fast-uri/security/advisories/GHSA-q3j6-qgpj-74h6</a></li> </ul> <h2>What's Changed</h2> <ul> <li>build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/148">fastify/fast-uri#148</a></li> <li>build(deps): bump actions/checkout from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/149">fastify/fast-uri#149</a></li> <li>chore(.npmrc): ignore scripts by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/150">fastify/fast-uri#150</a></li> <li>build(deps-dev): remove <code>@fastify/pre-commit</code> by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a 
href="https://redirect.github.com/fastify/fast-uri/pull/151">fastify/fast-uri#151</a></li> <li>build(deps): bump actions/setup-node from 4 to 5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/152">fastify/fast-uri#152</a></li> <li>ci(ci): add concurrency config by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/153">fastify/fast-uri#153</a></li> <li>build(deps): bump actions/setup-node from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/154">fastify/fast-uri#154</a></li> <li>build(deps): bump actions/checkout from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/156">fastify/fast-uri#156</a></li> <li>chore(license): standardise license notice by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/159">fastify/fast-uri#159</a></li> <li>style: remove trailing whitespace by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/161">fastify/fast-uri#161</a></li> <li>ci: remove unused github files by <a href="https://github.com/Tony133"><code>@Tony133</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/162">fastify/fast-uri#162</a></li> <li>chore: update readme by <a href="https://github.com/Tony133"><code>@Tony133</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/164">fastify/fast-uri#164</a></li> <li>build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-manager.yml from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a 
href="https://redirect.github.com/fastify/fast-uri/pull/165">fastify/fast-uri#165</a></li> <li>build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml from 5 to 6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/166">fastify/fast-uri#166</a></li> <li>build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/fastify/fast-uri/pull/167">fastify/fast-uri#167</a></li> <li>ci: add lock-threads workflow by <a href="https://github.com/Fdawgs"><code>@Fdawgs</code></a> in <a href="https://redirect.github.com/fastify/fast-uri/pull/169">fastify/fast-uri#169</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Tony133"><code>@Tony133</code></a> made their first contribution in <a href="https://redirect.github.com/fastify/fast-uri/pull/162">fastify/fast-uri#162</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1">https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/fastify/fast-uri/commit/919dd8ea7689fcc220d0d9b71307f5095e723ef9"><code>919dd8e</code></a> Bumped v3.1.2</li> <li><a href="https://github.com/fastify/fast-uri/commit/c65ba573714af6b8e19e481d9444c27bc4355d07"><code>c65ba57</code></a> fixup: linting</li> <li><a href="https://github.com/fastify/fast-uri/commit/6c86c17c3d76fb93aa3700ec6c0fa00faeb97293"><code>6c86c17</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fast-uri/commit/a95158ad308df4d92bbde4eba699ce5165e9f796"><code>a95158a</code></a> Handle malformed fragment decoding without throwing (<a href="https://redirect.github.com/fastify/fast-uri/issues/171">#171</a>)</li> <li><a 
href="https://github.com/fastify/fast-uri/commit/cea547c91c6aae610041b17b75792ca4aa035a6d"><code>cea547c</code></a> Bumped v3.1.1</li> <li><a href="https://github.com/fastify/fast-uri/commit/876ce79b662c3e5015e4e7dffe6f37752ad34f35"><code>876ce79</code></a> Merge commit from fork</li> <li><a href="https://github.com/fastify/fast-uri/commit/dcdf690b71a7bb3a19887ada65a9ab160d83bcc0"><code>dcdf690</code></a> ci: add lock-threads workflow (<a href="https://redirect.github.com/fastify/fast-uri/issues/169">#169</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/c860e6589b1ac346f66e114b4eadb9613768108c"><code>c860e65</code></a> build(deps-dev): bump neostandard from 0.12.2 to 0.13.0 (<a href="https://redirect.github.com/fastify/fast-uri/issues/167">#167</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/9b4c6dc82fde0ca44e674403ece9185d85bb6d5f"><code>9b4c6dc</code></a> build(deps): bump fastify/workflows/.github/workflows/plugins-ci.yml (<a href="https://redirect.github.com/fastify/fast-uri/issues/166">#166</a>)</li> <li><a href="https://github.com/fastify/fast-uri/commit/85d09a9f7aa76b32c2bb005a90a71e144c361d24"><code>85d09a9</code></a> build(deps): bump fastify/workflows/.github/workflows/plugins-ci-package-mana...</li> <li>Additional commits viewable in <a href="https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
1ed935f911 |
fix: make clone URL respect public URL detection setting (#37615)
Fix #37614 |
||
|
|
ef040c5fc4 |
chore(deps): bump go-git/go-git/v5 to 5.19.0 (#37608)
Co-authored-by: Nicolas <bircni@icloud.com> |
||
|
|
c81eca9904 |
chore(deps): update action dependencies (#37603)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/labeler](https://redirect.github.com/actions/labeler) | action | minor | `v6.0.1` → `v6.1.0` | | [aws-actions/configure-aws-credentials](https://redirect.github.com/aws-actions/configure-aws-credentials) | action | patch | `v6.1.0` → `v6.1.1` | | [docker.elastic.co/elasticsearch/elasticsearch](https://www.elastic.co/products/elasticsearch) ([source](https://redirect.github.com/elastic/elasticsearch)) | service | patch | `8.19.14` → `8.19.15` | | [renovatebot/github-action](https://redirect.github.com/renovatebot/github-action) | action | patch | `v46.1.12` → `v46.1.13` | --- ### Release Notes <details> <summary>actions/labeler (actions/labeler)</summary> ### [`v6.1.0`](https://redirect.github.com/actions/labeler/releases/tag/v6.1.0) [Compare Source](https://redirect.github.com/actions/labeler/compare/v6.0.1...v6.1.0) #### Enhancements - Add changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by [@​bluca](https://redirect.github.com/bluca) in [#​923](https://redirect.github.com/actions/labeler/pull/923) #### Bug Fixes - Improve Labeler Action documentation and permission error handling by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​897](https://redirect.github.com/actions/labeler/pull/897) - Preserve manually added labels during workflow runs and refine label synchronization logic by [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) in [#​917](https://redirect.github.com/actions/labeler/pull/917) #### Dependency Updates - Upgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by [@​dependabot](https://redirect.github.com/dependabot) in [#​877](https://redirect.github.com/actions/labeler/pull/877) - Upgrade minimatch from 10.0.1 to 10.2.3 by [@​dependabot](https://redirect.github.com/dependabot) in 
[#​926](https://redirect.github.com/actions/labeler/pull/926) - Upgrade dependencies ([@​actions/core](https://redirect.github.com/actions/core), [@​actions/github](https://redirect.github.com/actions/github), js-yaml, minimatch, [@​typescript-eslint](https://redirect.github.com/typescript-eslint)) by [@​Copilot](https://redirect.github.com/Copilot) in [#​934](https://redirect.github.com/actions/labeler/pull/934) #### New Contributors - [@​chiranjib-swain](https://redirect.github.com/chiranjib-swain) made their first contribution in [#​897](https://redirect.github.com/actions/labeler/pull/897) - [@​bluca](https://redirect.github.com/bluca) made their first contribution in [#​923](https://redirect.github.com/actions/labeler/pull/923) - [@​Copilot](https://redirect.github.com/Copilot) made their first contribution in [#​934](https://redirect.github.com/actions/labeler/pull/934) **Full Changelog**: <https://github.com/actions/labeler/compare/v6...v6.1.0> </details> <details> <summary>aws-actions/configure-aws-credentials (aws-actions/configure-aws-credentials)</summary> ### [`v6.1.1`](https://redirect.github.com/aws-actions/configure-aws-credentials/releases/tag/v6.1.1) [Compare Source](https://redirect.github.com/aws-actions/configure-aws-credentials/compare/v6.1.0...v6.1.1) ##### What's Changed - chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1722](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1722) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.0 to 25.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1723](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1723) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.12 to 4.2.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in 
[#​1724](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1724) - chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1726](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1726) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.5.1 to 4.5.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1725](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1725) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1020.0 to 3.1025.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1727](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1727) - chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1728](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1728) - chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1729](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1729) - chore(deps-dev): bump [@​types/node](https://redirect.github.com/types/node) from 25.5.2 to 25.6.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1730](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1730) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.24 to 3.972.25 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1733](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1733) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1025.0 to 3.1030.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in 
[#​1732](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1732) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.10 to 2.4.11 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1734](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1734) - chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1736](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1736) - chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1737](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1737) - chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1740](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1740) - chore(deps-dev): bump [@​smithy/property-provider](https://redirect.github.com/smithy/property-provider) from 4.2.13 to 4.2.14 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1741](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1741) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.25 to 3.972.28 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1742](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1742) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1030.0 to 3.1033.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1743](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1743) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.11 to 2.4.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in 
[#​1739](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1739) - chore(deps-dev): bump [@​biomejs/biome](https://redirect.github.com/biomejs/biome) from 2.4.12 to 2.4.13 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1747](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1747) - chore(deps): bump postcss from 8.5.6 to 8.5.12 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1752](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1752) - chore(deps): bump [@​smithy/node-http-handler](https://redirect.github.com/smithy/node-http-handler) from 4.6.0 to 4.6.1 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1750](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1750) - chore(deps-dev): bump [@​aws-sdk/credential-provider-env](https://redirect.github.com/aws-sdk/credential-provider-env) from 3.972.28 to 3.972.32 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1751](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1751) - chore(deps): bump [@​aws-sdk/client-sts](https://redirect.github.com/aws-sdk/client-sts) from 3.1033.0 to 3.1038.0 by [@​dependabot](https://redirect.github.com/dependabot)\[bot] in [#​1749](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1749) - chore: release 6.1.1 by [@​lehmanmj](https://redirect.github.com/lehmanmj) in [#​1757](https://redirect.github.com/aws-actions/configure-aws-credentials/pull/1757) **Full Changelog**: <https://github.com/aws-actions/configure-aws-credentials/compare/v6...v6.1.1> </details> <details> <summary>elastic/elasticsearch (docker.elastic.co/elasticsearch/elasticsearch)</summary> ### [`v8.19.15`](https://redirect.github.com/elastic/elasticsearch/releases/tag/v8.19.15): Elasticsearch 8.19.15 [Compare Source](https://redirect.github.com/elastic/elasticsearch/compare/v8.19.14...v8.19.15) Downloads: 
<https://elastic.co/downloads/elasticsearch> Release notes: <https://www.elastic.co/guide/en/elasticsearch/reference/8.19/release-notes-8.19.15.html> </details> <details> <summary>renovatebot/github-action (renovatebot/github-action)</summary> ### [`v46.1.13`](https://redirect.github.com/renovatebot/github-action/releases/tag/v46.1.13) [Compare Source](https://redirect.github.com/renovatebot/github-action/compare/v46.1.12...v46.1.13) ##### Documentation - update references to renovatebot/github-action to v46.1.12 ([a871d4d](https://redirect.github.com/renovatebot/github-action/commit/a871d4d5460d222ef1b9b6d9c7c9a9224e582780)) ##### Miscellaneous Chores - **deps:** update dependency [@​commitlint/cli](https://redirect.github.com/commitlint/cli) to v20.5.2 ([67a74d1](https://redirect.github.com/renovatebot/github-action/commit/67a74d123d2876d138af089da96b130b49963b52)) - **deps:** update pnpm to v10.33.1 ([5932d6c](https://redirect.github.com/renovatebot/github-action/commit/5932d6c4e6423886397f74fa3e1f43f75d08b639)) - **deps:** update pnpm to v10.33.2 ([580c97f](https://redirect.github.com/renovatebot/github-action/commit/580c97f45b94ac6c4cf344cae6557fa67ffcf1e6)) ##### Build System - **deps:** lock file maintenance ([d044e7d](https://redirect.github.com/renovatebot/github-action/commit/d044e7df57b284a83ba0184247f960f00ca99d19)) ##### Continuous Integration - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.159.1 ([a7db9c3](https://redirect.github.com/renovatebot/github-action/commit/a7db9c38fdfec235881c95a3f634d0e98351a897)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.159.2 ([f9133ef](https://redirect.github.com/renovatebot/github-action/commit/f9133ef80db08316ae9064a6639804e2781bf4ac)) - **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.0 ([212d525](https://redirect.github.com/renovatebot/github-action/commit/212d52574e89808037dd90d27dad2a1ea2f69f22)) - **deps:** update ghcr.io/renovatebot/renovate docker tag 
to v43.160.1 ([e3443ce](https://redirect.github.com/renovatebot/github-action/commit/e3443ceef9af4bfb10853b55f8a23c5625289bb8))
- **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.2 ([833041b](https://redirect.github.com/renovatebot/github-action/commit/833041bb68593fa1d2e2704abedd40037914481b))
- **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.4 ([60cc865](https://redirect.github.com/renovatebot/github-action/commit/60cc8654e18da2e1d7164c13b1437fcf26a1dce8))
- **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.5 ([2c7567a](https://redirect.github.com/renovatebot/github-action/commit/2c7567a8f829497ca73badab029c722f61e0c561))
- **deps:** update ghcr.io/renovatebot/renovate docker tag to v43.160.6 ([35caad2](https://redirect.github.com/renovatebot/github-action/commit/35caad2c6a948000e0be2215db7dcdbf0c183541))
</details>
---
This PR has been generated by [Mend Renovate](https://redirect.github.com/renovatebot/renovate).
Co-authored-by: Nicolas <bircni@icloud.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
||
|
|
479bcdb503 |
fix(actions): fix blank lines after ::endgroup:: (#37597)
`endLogGroup` was incorrectly appending empty `<div>`s, producing a useless blank line after every group. Before and after: <img width="250" alt="Screenshot 2026-05-07 at 22 40 40" src="https://github.com/user-attachments/assets/8baf0fd0-99c8-4648-bf3f-edc6c4b197ec" /> <img width="250" alt="Screenshot 2026-05-07 at 22 37 12" src="https://github.com/user-attachments/assets/c45f28ae-1bbf-4b25-9d7b-281c19421f63" /> --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com> Co-authored-by: Giteabot <teabot@gitea.io> |