- The [security.txt](https://securitytxt.org/) is a standardized file to
help with reporting security vulnerabilities, by having the most essential
information served at `.well-known/security.txt`.
- Brand this file to point to the Forgejo security team.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1192
(cherry picked from commit 7ca1d0ec87bc23881f59ce3ea04390bf508ec0fa)
(cherry picked from commit ba974b016199cd279b8c7aca76a936910e9f4d69)
(cherry picked from commit 966fbcdcfdc8027aa31fe46eafa229854fe120ad)
(cherry picked from commit 8b9efebc6e5a211b64b003284bf3bb8c66c85662)
(cherry picked from commit 91b1c84c1873b6e07ff7e700429a4fc6f6c1e3bf)
(cherry picked from commit 30ade1ea0b6de3b634283bd3741b49abf37f9bf0)
(cherry picked from commit 15ec35014e1afda4010e1956722ab9ba78d53093)
(cherry picked from commit a5e8bb4a93ede29c077d246c984d4aa0da70a4ec)
(cherry picked from commit 273b03888f4e71009474a384c38cef605d2763a2)
(cherry picked from commit 69b6b53fe5d94ab34d3f47d2327e1915fa883cde)
(cherry picked from commit e22a512fde49fd8023206fcbe509a4d53770647f)
(cherry picked from commit 958b3e4877562e2755c297a79f31243e9c350c1c)
(cherry picked from commit d1ad5daa51a7c9f1dd32e20b50f06e786fd1803c)
(cherry picked from commit a4868c4d79a67d2502cab39f47963a0e0cc10a8c)
(cherry picked from commit ce4692d352feda4bb7e1a22126de8d9c3fed46df)
(cherry picked from commit 7cb94c23fddaa7de07c2120256d22cdebe82db91)
(cherry picked from commit 05fa514e146a8d88bf0883013f50040edc38b4b6)
(cherry picked from commit be70e501143233558f9e3cf989fbd22999cd0ec3)
(cherry picked from commit 576997ac9ac1ba9bfd8af62c34f84ff6412e5eed)
(cherry picked from commit 5ca08987179c38632eb50862b36ee6d0d1e9d523)
(cherry picked from commit 69db3def9961bf1d3d41ce97388f5df5439ca1b3)
(cherry picked from commit 577aec56fe350a232d08f91a7f2dc07d4a6eb527)
(cherry picked from commit 1256e4f2f16e5f446ffe48319fec1e52cd7cc481)
(cherry picked from commit 98abae947e2c6b8964c56c7cd8fc4caa36d24c14)
(cherry picked from commit 3106f876d26b030933d8b93ff11d765e79e15e1d)
(cherry picked from commit f42622c7d5a28859f535e0d86ece06101baad1ef)
(cherry picked from commit a39e7f2a79f6527d45439f21bd88378264160c3a)
(cherry picked from commit afa2a31bb99c0fd9cd25c3c0279e6c49695b1900)
(cherry picked from commit 276e8856e594ad7e73414382d34fdf0278cbca6a)
(cherry picked from commit 68e3bd469f2e8190db70d4e1564fb46d01feb5f4)
(cherry picked from commit af124b9ccbb0b699ea5d1bf1530613cb9a96f205)
(cherry picked from commit b89ab4874d403c784c92e579f4f6a854621c0078)
(cherry picked from commit 0f2a2f0d0ff9851428d6899e307f3547d7651f87)
(cherry picked from commit 80999363c73e4e01cbf9116491743c87baa952af)
(cherry picked from commit f8880b5463aa1db047d89080d21e7a69979eb4a6)
(cherry picked from commit 5f4cf4f6e143237c81da3e80875727cef4b76343)
(cherry picked from commit b38e26bc1a8bb117f571672961a8445cfc02c953)
(cherry picked from commit d839e0033244b63df16c8b548cc52106fc693629)
(cherry picked from commit 32ffe2e4f12c16a44a759c906078d40731c1a0c7)
(cherry picked from commit f1fd0504add78ae3fb5c710ab5a9ada20321afac)
(cherry picked from commit 6d77ea4d60a193d9d4175c4943b34077228e5964)
(cherry picked from commit 61a0a4a276303c3fd56f93fd109e3416cfdf7c60)
(cherry picked from commit a90b4126fdd55feef43f45d1dc3e3400806a476b)
(cherry picked from commit 9a20538fb4e88682e213a20813b77cc0f602fbfd)
(cherry picked from commit ce0fc02f0fbaa45b146fed175ce68bd02c507f3e)
(cherry picked from commit 541f7cb026f976d078ecb6da3a6c9e13cc4336f2)
(cherry picked from commit d6d0c2ab78a14d7aac8d7b6b0d007149de2f7295)
(cherry picked from commit 2c28f5ad2496cf30eb15d6caf9171b79e5017141)
(cherry picked from commit 9571bddb3308e3c1f0383e60f972ca61a0a467b7)
(cherry picked from commit c83ba08d01f149ecd52d983eec76bd60822c1ddd)
(cherry picked from commit 30e7d567ede79c015d0d115d9a2d535e6c681cb9)
(cherry picked from commit a8b8c3eba75511449dc97fa27b37db1076ce95f0)
(cherry picked from commit 8e053e1ade4710ade3b6e4bc6aa04fe9281243d7)
(cherry picked from commit 9e3b0f7520a56e5eb22cd0e33e231ea9063f0e1f)
(cherry picked from commit 2343b9bd09cda3e474b36842fae419f9fe32b134)
(cherry picked from commit 56572d4156050c2beb62f63a871375fdc2424271)
(cherry picked from commit 9b09eda1680282f8114f752e52afd544ef30350c)
(cherry picked from commit 86a8b7b4904158ea80d259d7a1846528a9b3c403)
(cherry picked from commit 99a550c0e3de3bd8d17a610b849da0c04f776dbd)
(cherry picked from commit bdcf3f51e07c9f5f067fca7501ad69c42f925197)
(cherry picked from commit cec8f2d31e1cd9237120ee57af80b17e4abf026e)
(cherry picked from commit 25aa22ba2b8b8bdb215c14002ebc137e2e70cad4)
(cherry picked from commit 31510249a01fad40cc001277f5bcbe57248b0330)
(cherry picked from commit 95dc569227ac57c2efe7817edb6749fcead0ec24)
(cherry picked from commit f6caf5f1b9f8f560fcfef29247525c018976dcde)
(cherry picked from commit aba34fbf70dce183907083593cab7716597575a3)
(cherry picked from commit 41b816fdac30cfca311d5c24c155301de5d08a40)
(cherry picked from commit c98e79b89f5a12b50b6eb1ff1d0afc2cbd756ca3)
(cherry picked from commit d33d4f193cd79493e3d206e0c73395aea5bd305c)
(cherry picked from commit 4e5bb41cbe9823f8c198a54b56f0ee66b9cf8bf8)
(cherry picked from commit 3aa8ddb8cb4cb836b98c465342b106d027868606)
(cherry picked from commit e8057040bb751d1bdcb0e7412495da353189a02f)
(cherry picked from commit f3bf61e51e8c44ac098dca03532507bae5b65fc1)
(cherry picked from commit e9d08aad76cc38a81e9489871e1116819f84052e)
(cherry picked from commit 20b56692693e054bb3c04b4ef12b29b0715b4530)
(cherry picked from commit 1574643a6a9634e5b92c033a4bfb69062a86bd05)
Update semantic version according to specification
(cherry picked from commit 22510f41306f9c133a7e99b61f9c38dabfd4b810)
Mise à jour de 'Makefile'
(cherry picked from commit c3d85d8409f1bb18a45659a167cf1ffee057f3b6)
(cherry picked from commit 5ea23098513c068444226af41faf9be9c4c998e6)
(cherry picked from commit ec5217b9d1b94bb04e34ce8c27eecbdc6f3a247a)
(cherry picked from commit 14f08e364b2ad7e3176b45d3ec8da5f5605b4315)
(cherry picked from commit b4465c67b8737aed9fd79a43046aa3795a298e68)
[API] [SEMVER] replace number with version
(cherry picked from commit fba48e64977a75e77c9c6cf8e3f8a679a5e7b733)
(cherry picked from commit 532ec5d8782703b62d7d02312764e50637cd016e)
[API] [SEMVER] [v1.20] less is replaced by css
(cherry picked from commit 01ca3a4f4291cf4c62df42cbd12a00638f3cdc70)
(cherry picked from commit 1d928c3ab2e1fda6082e1400d89ea96d6605ebaa)
(cherry picked from commit a39dc804cd1da86444ed709455857f069475e7db)
Conflicts:
webpack.config.js
(cherry picked from commit adc68578b3eb41215338125edfca91804706f8a1)
(cherry picked from commit 9b8d98475fd7efcc15bf0d91b0af6ef3aff64508)
(cherry picked from commit 25161039745a63282257eded9616390241af8013)
(cherry picked from commit 18e6287963a0e1863cd08fd514a4e732a1904a68)
(cherry picked from commit e9694e67ab93ad74f7eae3152d88d95e8493e739)
(cherry picked from commit a9763edaf002c8009a2cca4115cb8b926f8cdc85)
(cherry picked from commit e2b550f4fba144f9637a212b56bfe30cac1adb3b)
(cherry picked from commit 2edac36701e8fa1ff67f87dccfa34cfc00ab66de)
[API] Forgejo API /api/forgejo/v1 (squash)
Update semver as v1.20 is entering release candidate mode
(cherry picked from commit 4995098ec3c6eee19a7ad7bc956b71c6e937c04c)
(cherry picked from commit 578ccfdd27d7a280050bdf61d497d07decf98f2f)
(cherry picked from commit 1bf6ac09520490f0a56b9b55d7836c2d8ea5d22c)
(cherry picked from commit 2fe16b2bfed62c0386d0bfe104f7dcc621d1c3be)
(cherry picked from commit 7cd9d027eec5a2b328d06a47f34545943560fe1b)
(cherry picked from commit eaed4be2ae88055a15dcc96564440c301a13ba8e)
(cherry picked from commit cc94f3115f844a0f16064e49e5eb719d33bc4441)
(cherry picked from commit d7a77e35ccfd2d0fc2ba98932296ab7354edd2db)
(cherry picked from commit cd8eb68ab7b3e2eaacf78d370c762f43cc19fd6a)
(cherry picked from commit 68487ac95f742837e7ff38df902834b6173cd9ab)
(cherry picked from commit 616dceb565456d6fac6f58b1c4de43e9d3254090)
(cherry picked from commit 545fe5975b47d2eab348a57b87c6fd4590f33442)
(cherry picked from commit c042cf8eda2dea805138bd64daa7fbe07865ed5a)
(cherry picked from commit ae5e5a7468aa66312055a26841f658574a9b0dd7)
(cherry picked from commit 8034ef5fa2648a127f8c84c572bec02a1ff6bb9f)
(cherry picked from commit aaf0293034468505449d33ab1483ae65b4175754)
(cherry picked from commit daafa8ce58e5e6077da585b13e5190856228a4a3)
(cherry picked from commit 7ca3681d3e2ed5ec1ae44364cba476d642e2b557)
(cherry picked from commit 39f72cba71ff3f9d2cbb05c88031b34933573a8c)
(cherry picked from commit 60a591713097384935ba0ac51a5cd4793f7544a8)
(cherry picked from commit 4853bd9e16bc8986ba8159349e93bc3093dc8ab9)
[API] Move forgejo api file (squash)
- Move the file to accommodate faa28b5a44
(cherry picked from commit bce89351d251bfa18c677b30bc7da80856d919fb)
(cherry picked from commit 11ae7f6e85395b287c6f4108c531aa1a81fd964c)
(cherry picked from commit 25e96cfcb28859406329090eb0c7990bea4e73eb)
(cherry picked from commit 6d8d19b39156a7f8b4db5022915590593df94f1f)
(cherry picked from commit 5afc5c454b7d70f95b83e6c3b4c9e2cb6e2d0ef5)
(cherry picked from commit 86d07b4c249211bdb77c0520f99f2c8e5d89b516)
(cherry picked from commit e54d869fdae44811faaa80f3757efbc93bf0bce4)
(cherry picked from commit ab31ef1bba3bc5188e0f3ce5e5fa33335877cf47)
(cherry picked from commit 511cbca2f3799646edf8eae00464b87f43ca280f)
(cherry picked from commit 333916fea874509063f9449f07d79e4cafbcf06f)
(cherry picked from commit 3802bcd7c9865b77151ef454c0bdc2ce32157a41)
(cherry picked from commit 5d0fa034f77388ed21735a22cf1a2a23562245c3)
(cherry picked from commit d15627aa0dfb4ffc2eb7ab0ce99b7c5b2bf06dcf)
(cherry picked from commit ba0b21b9305b6fecf23aeec213f1a95d96ce72fb)
(cherry picked from commit 39ade66aac7f8cccd980d1f435b92465a50be032)
- Update all JS and PY dependencies minus `@mcaptcha/vanilla-glue`
- Adapt to eslint rule rename
- Regenerate all SVGs because of [new
optimizations](https://github.com/svg/svgo/releases/tag/v3.0.4) from
svgo.
- Tested mentions, mermaid, vue, api docs
- Update all JS and Poetry dependencies
- Remove deprecated `eslint-plugin-custom-elements` and replace it with
rules from `eslint-plugin-wc`
- Add a convenience `make update` to update both js and py dependencies
- Tested markdown toolbar, swagger and citation
- Drop Node.js 16 since it reached EOL
- Upgrade js dependencies
- Two packages have major version bump
- `updates`: require node 18
- `eslint-plugin-array-func`: require `eslint` 8.40.0, which is
satisfied
- Run `make svg` for `@primer/octicons` update
Replace #25892
Close #21942
Close #25464
Major changes:
1. Serve "robots.txt" and ".well-known/security.txt" in the "public"
custom path
* All files in "public/.well-known" can be served, just like
"public/assets"
3. Add a test for ".well-known/security.txt"
4. Simplify the "FileHandlerFunc" logic, now the paths are consistent so
the code can be simpler
5. Add CORS header for ".well-known" endpoints
6. Add logs to tell users they should move some of their legacy custom
public files
```
2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt
```
This PR is not breaking.
---------
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
Move `public/*` to `public/assets/*`
Some old PRs (like #15219) introduced inconsistent directory system.
For example: why the local directory "public" is accessed by
`http://site/assets`? How to serve the ".well-known" files properly in
the public directory?
For convention rules, the "public" directory is widely used for the
website's root directory. It shouldn't be an exception for Gitea.
So, this PR makes the things consistent:
* `http://site/assets/foo` means `{CustomPath}/public/assets/foo`.
* `{CustomPath}/public/.well-known` and `{CustomPath}/public/robots.txt`
can be used in the future.
This PR is also a prerequisite for a clear solution for:
* #21942
* #25892
* discourse.gitea.io: [.well-known path serving custom files behind
proxy?](https://discourse.gitea.io/t/well-known-path-serving-custom-files-behind-proxy/5445/1)
This PR is breaking for users who have custom "public" files (CSS/JS).
After getting approvals, I will update the documents.
----
## ⚠️ BREAKING ⚠️
If you have files in your "custom/public/" folder, please move them to
"custom/public/assets/".
---------
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Giteabot <teabot@gitea.io>
- Update all JS dependencies
- Enable stylint
[`media-feature-name-value-no-unknown`](https://stylelint.io/user-guide/rules/media-feature-name-value-no-unknown)
- Make use of new features in webpack and text-expander-element
- Tested Swagger and Mermaid
To explain the `text-expander-element` change: Before this version, the
element added a unavoidable space after emoji completion. Now that
https://github.com/github/text-expander-element/pull/36 is in, we gain
control over this space and I opted to remove it for emoji completion
and retain it for `@` mentions.
---------
Co-authored-by: Giteabot <teabot@gitea.io>
The plan is that all built-in auth providers use inline SVG for more
flexibility in styling and to get the GitHub icon to follow
`currentcolor`. This only removes the `public/img/auth` directory and
adds the missing svgs to our svg build.
It should map the built-in providers to these SVGs and render them. If
the user has set a Icon URL, it should render that as an `img` tag
instead.
```
gitea-azure-ad
gitea-bitbucket
gitea-discord
gitea-dropbox
gitea-facebook
gitea-gitea
gitea-gitlab
gitea-google
gitea-mastodon
gitea-microsoftonline
gitea-nextcloud
gitea-twitter
gitea-yandex
octicon-mark-github
```
GitHub logo is now white again on dark theme:
<img width="431" alt="Screenshot 2023-06-12 at 21 45 34"
src="https://github.com/go-gitea/gitea/assets/115237/27a43504-d60a-4132-a502-336b25883e4d">
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: @awkwardbunny
This PR adds a Debian package registry. You can follow [this
tutorial](https://www.baeldung.com/linux/create-debian-package) to build
a *.deb package for testing. Source packages are not supported at the
moment and I did not find documentation of the architecture "all" and
how these packages should be treated.
---------
Co-authored-by: Brian Hong <brian@hongs.me>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
This improves a lot of accessibility shortcomings.
Every possible instance of `<div class="button">` matching the command
`ag '<[^ab].*?class=.*?[" ]button[ "]' templates/ | grep -v 'dropdown'`
has been converted when possible.
divs with the `dropdown` class and their children were omitted as
1. more analysis must be conducted whether the dropdowns still work as
intended when they are a `button` instead of a `div`.
2. most dropdowns have `div`s as children. The HTML standard disallows
`div`s inside `button`s.
3. When a dropdown child that's part of the displayed text content is
converted to a `button`, the dropdown can be focused twice
Further changes include that all "gitea-managed" buttons with JS code
received an `e.preventDefault()` so that they don't accidentally submit
an underlying form, which would execute instead of cancel the action.
Lastly, some minor issues were fixed as well during the refactoring.
## Future improvements
As mentioned in
https://github.com/go-gitea/gitea/pull/23337#discussion_r1127277391,
`<a>`s without `href` attribute are not focusable.
They should later on be converted to `<button>`s.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
- Update all JS dependencies
- Add new eslint rules
- Rebuild SVGs
- Tested citation and build
SVG changes are because of https://github.com/primer/octicons/pull/883.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
- Update all JS dependencies to latest version
- Enable unicorn/prefer-node-protocol and autofix issues
- Regenerate SVGs
- Add some comments to eslint rules
- Tested build, Mermaid and Katex rendering
- Update all JS dependencies and playwright image
- Add new eslint rules, enable a few more, fix issues
- Regenerate SVGs
- Tested Vue and Swagger
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The layout on the review code view was broken depending on length of the text. Change all three buttons to icons with tooltip to make more space for these long texts.
Fixes: #20922
It seemed a tad to big compared to other icons. Shrink it slightly.
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Fix commit status popover and switch to svg icons
* margin tweak
* fix integration, use warning sign for error to match previous
* remove fix from here, will be a new pr
* use top/bottom positioning
* vertically center
* use no-entry over alert oction
* add exclamation icon
* fix test selector
* more test fixes