mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-05-20 17:28:09 +00:00

Beyond coding. We forge. (Code of Conduct: https://codeberg.org/forgejo/code-of-conduct)

Go to file

dependabot[bot] bdf8c80f41 Bump json5 from 1.0.1 to 1.0.2 (#22365 ) Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/releases">json5's releases</a>.</em></p> <blockquote> <h2>v1.0.2</h2> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>). This has been backported to v1. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/298">#298</a>)</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/json5/json5/blob/main/CHANGELOG.md">json5's changelog</a>.</em></p> <blockquote> <h3>Unreleased [<a href="https://github.com/json5/json5/tree/main">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.3...HEAD">diff</a>]</h3> <h3>v2.2.3 [<a href="https://github.com/json5/json5/tree/v2.2.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3">diff</a>]</h3> <ul> <li>Fix: json5@2.2.3 is now the 'latest' release according to npm instead of v1.0.2. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/299">#299</a>)</li> </ul> <h3>v2.2.2 [<a href="https://github.com/json5/json5/tree/v2.2.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">diff</a>]</h3> <ul> <li>Fix: Properties with the name <code>__proto__</code> are added to objects and arrays. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (<a href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).</li> </ul> <h3>v2.2.1 [<a href="https://github.com/json5/json5/tree/v2.2.1">code</a>, <a href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1">diff</a>]</h3> <ul> <li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/266">#266</a>)</li> </ul> <h3>v2.2.0 [<a href="https://github.com/json5/json5/tree/v2.2.0">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0">diff</a>]</h3> <ul> <li>New: Accurate and documented TypeScript declarations are now included. There is no need to install <code>@types/json5</code>. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/236">#236</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/244">#244</a>)</li> </ul> <h3>v2.1.3 [<a href="https://github.com/json5/json5/tree/v2.1.3">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3">diff</a>]</h3> <ul> <li>Fix: An out of memory bug when parsing numbers has been fixed. (<a href="https://github-redirect.dependabot.com/json5/json5/issues/228">#228</a>, <a href="https://github-redirect.dependabot.com/json5/json5/issues/229">#229</a>)</li> </ul> <h3>v2.1.2 [<a href="https://github.com/json5/json5/tree/v2.1.2">code</a>, <a href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2">diff</a>]</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="`a62db1e51e`"><code>a62db1e</code></a> 1.0.2</li> <li><a href="`e0c23fe458`"><code>e0c23fe</code></a> docs: update CHANGELOG for v1.0.2</li> <li><a href="`62a6540840`"><code>62a6540</code></a> fix: add <strong>proto</strong> to objects and arrays</li> <li>See full diff in <a href="https://github.com/json5/json5/compare/v1.0.1...v1.0.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/go-gitea/gitea/network/alerts). </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>		2023-01-08 19:48:00 +08:00
.gitea	Issue template form (#16349 )	2021-09-15 20:33:13 +03:00
.github	update discord invite (#19907 )	2022-06-07 11:40:27 -04:00
assets	Update Emoji dataset to Unicode 14 (#22342 )	2023-01-04 11:52:48 -06:00
build	Fix unstable emoji sort (#22346 )	2023-01-05 13:58:51 +02:00
cmd	Move `convert` package to services (#22264 )	2022-12-29 10:57:15 +08:00
contrib	Implement FSFE REUSE for golang files (#21840 )	2022-11-27 18:20:29 +00:00
custom/conf	Add option to prohibit fork if user reached maximum limit of repositories (#21848 )	2022-12-27 15:21:14 -06:00
docker	Remove deprecated DSA host key from Docker Container (#21522 )	2022-11-03 19:49:12 +08:00
docs	Add deprecated warning for DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR (#22318 )	2023-01-03 07:54:27 +08:00
models	Always reuse transaction (#22362 )	2023-01-08 09:34:58 +08:00
modules	Always reuse transaction (#22362 )	2023-01-08 09:34:58 +08:00
options	[skip ci] Updated licenses and gitignores	2023-01-01 00:19:35 +00:00
public	Update JS dependencies and eslint (#22190 )	2022-12-20 17:15:47 -05:00
routers	make /{username}.png redirect to user/org avatar (#22356 )	2023-01-06 13:44:02 +01:00
services	Always reuse transaction (#22362 )	2023-01-08 09:34:58 +08:00
snap	Remove unnecessary whitespace in snapcraft.yaml (#22090 )	2022-12-10 08:31:16 -06:00
templates	Fix due date rendering the wrong date in issue (#22302 )	2023-01-02 10:49:05 +08:00
tests	Move `convert` package to services (#22264 )	2022-12-29 10:57:15 +08:00
tools	Rewrite fuzzers to native Go harnesses (#22313 )	2023-01-05 10:33:00 +08:00
web_src	Add Mermaid copy button, avoid unnecessary tooltip hide (#22225 )	2022-12-25 18:17:48 +01:00
.air.toml	Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246 )	2022-12-27 14:00:34 +08:00
.changelog.yml	Changelog for v1.15.0-rc1 (#16422 )	2021-07-15 11:47:57 -04:00
.dockerignore	Add .dockerignore (#21753 )	2022-11-10 04:04:09 +01:00
.drone.yml	Run hugo via `go run` and lock its version (#22206 )	2022-12-21 21:09:53 -05:00
.editorconfig	Add markdownlint (#20512 )	2022-07-28 09:22:47 +08:00
.eslintrc.yaml	Update JS dependencies and eslint (#22190 )	2022-12-20 17:15:47 -05:00
.gitattributes	Hook go-licenses into tidy again (#21353 )	2022-10-10 20:45:02 +02:00
.gitignore	Add go licenses to licenses.txt (#21034 )	2022-09-04 00:20:46 +02:00
.gitpod.yml	Add sqlite vscode extension to Gitpod configuration (#21552 )	2022-10-24 16:55:59 -04:00
.golangci.yml	Update go dev dependencies (#22064 )	2022-12-08 16:21:37 +08:00
.ignore	Add some .ignore entries (#18296 )	2022-01-16 17:26:15 +00:00
.lgtm	refactor: ignore LGTM from author of pull request. (#3283 )	2018-01-02 06:13:49 -06:00
.markdownlint.yaml	Add markdownlint (#20512 )	2022-07-28 09:22:47 +08:00
.npmrc	Stop packaging node_modules in release tarballs (#15273 )	2021-04-09 01:08:14 -04:00
.spectral.yaml	Add spectral linter for Swagger (#20321 )	2022-07-11 18:07:16 -05:00
.stylelintrc.yaml	Move all remaining colors into CSS variables (#21903 )	2022-11-23 08:22:27 +08:00
BSDmakefile	Add BSDmakefile to prevent errors when `make` is called under FreeBSD (#4446 )	2018-07-16 20:45:51 +02:00
build.go	Implement FSFE REUSE for golang files (#21840 )	2022-11-27 18:20:29 +00:00
CHANGELOG.md	Changelog v1.18.0 (#22215 ) (#22269 )	2022-12-31 03:17:54 +01:00
CONTRIBUTING.md	Update standard copyright header to use a placeholder year (#22254 )	2022-12-27 11:51:23 -06:00
DCO	follow the advisor: add DCO and some improvements	2016-11-04 16:43:41 +08:00
Dockerfile	Update to Alpine 3.17 (#21904 )	2022-12-02 11:23:26 -05:00
Dockerfile.rootless	Add dumb-init to rootless docker (#21775 )	2022-12-04 11:12:06 +00:00
go.mod	Upgrade go-chi to v5.0.8 (#22304 )	2023-01-01 11:23:26 +01:00
go.sum	Upgrade go-chi to v5.0.8 (#22304 )	2023-01-01 11:23:26 +01:00
LICENSE	Fix typo	2016-11-08 08:42:05 +01:00
main.go	Implement FSFE REUSE for golang files (#21840 )	2022-11-27 18:20:29 +00:00
MAINTAINERS	Update username (#22147 )	2022-12-16 15:11:03 +02:00
Makefile	Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246 )	2022-12-27 14:00:34 +08:00
package-lock.json	Bump json5 from 1.0.1 to 1.0.2 (#22365 )	2023-01-08 19:48:00 +08:00
package.json	Update JS dependencies and eslint (#22190 )	2022-12-20 17:15:47 -05:00
playwright.config.js	Update JS dependencies and eslint config (#21388 )	2022-10-10 20:02:20 +08:00
README.md	Add cynkra bronze sponsor (#21325 )	2022-10-13 21:44:04 -04:00
README_ZH.md	Refactor Gitpod configuration to improve quick spin up of automated dev environments (#21411 )	2022-10-12 12:17:04 -04:00
SECURITY.md	Add markdownlint (#20512 )	2022-07-28 09:22:47 +08:00
vitest.config.js	Update JS dependencies and eslint (#22190 )	2022-12-20 17:15:47 -05:00
webpack.config.js	Update JS dependencies and eslint (#22190 )	2022-12-20 17:15:47 -05:00

README.md

Gitea - Git with a cup of tea

View this document in Chinese

Purpose

The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service.

As Gitea is written in Go, it works across all the platforms and architectures that are supported by Go, including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC architectures. You can try it out using the online demo. This project has been forked from Gogs since November of 2016, but a lot has changed.

Building

From the root of the source tree, run:

TAGS="bindata" make build

or if SQLite support is required:

TAGS="bindata sqlite sqlite_unlock_notify" make build

The build target is split into two sub-targets:

make backend which requires Go Stable, required version is defined in go.mod.
make frontend which requires Node.js LTS or greater and Internet connectivity to download npm dependencies.

When building from the official source tarballs which include pre-built frontend files, the frontend target will not be triggered, making it possible to build without Node.js and Internet connectivity.

Parallelism (make -j <num>) is not supported.

More info: https://docs.gitea.io/en-us/install-from-source/

Using

./gitea web

NOTE: If you're interested in using our APIs, we have experimental support with documentation.

Contributing

Expected workflow is: Fork -> Patch -> Push -> Pull Request

NOTES:

YOU MUST READ THE CONTRIBUTORS GUIDE BEFORE STARTING TO WORK ON A PULL REQUEST.
If you have found a vulnerability in the project, please write privately to security@gitea.io. Thanks!

Translating

Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.

You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.

https://docs.gitea.io/en-us/translation-guidelines/

Further information

For more information and instructions about how to install Gitea, please look at our documentation. If you have questions that are not covered by the documentation, you can get in contact with us on our Discord server or create a post in the discourse forum.

We maintain a list of Gitea-related projects at gitea/awesome-gitea.

The Hugo-based documentation theme is hosted at gitea/theme.

The official Gitea CLI is developed at gitea/tea.