diff --git a/CHANGELOG.md b/CHANGELOG.md index 11b78462e4..faf3ddd835 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,9 @@ # Changelog -This changelog goes through the changes that have been made in each release -without substantial changes to our git log; to see the highlights of what has -been added to each release, please refer to the [blog](https://blog.gitea.com). -## [v1.26.1-moko.06.02.00] - 2026-06-02 +All notable changes to MokoGitea are documented here. Versions follow the format +`v{upstream}-moko.{major}.{minor}` (e.g. `v1.26.1-moko.06.02`). + +## [v1.26.1-moko.06] - 2026-06-04 * FEATURES * feat(licenses): full commercial license management system @@ -11,40 +11,38 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * Search keys by customer, domain, key number, email, or payment ref * Download gating (none/prerelease/all modes) * Domain lock grace period (DomainLockHours) + * Domain restriction on packages and keys (comma-separated allowed domains) * RepoScope enforcement — packages scoped to specific repos * Configurable license key prefix per organization + * Master key always visible with Regenerate button + * License package creation at repo level via modal * Manual release-to-stream mapping with UI selector - * Joomla changelog XML endpoint (/changelog.xml) - * SHA256 checksums from sidecar files in Joomla updates.xml - * Joomla-standard tag values (dev/alpha/beta/rc/stable) * Double confirmation modals for permanent deletion * Combolist channel picker (replaces checkboxes) * Extension metadata in repo settings (per-repo override) * API: package CRUD, key revoke, key renew, settings GET/PUT * API: purchase webhook with PaymentRef idempotency * API: public validation endpoint (no auth) - * Migration v340-v342: all new columns synced - * feat(updates): 7 platform update feeds - * Joomla XML with downloadkey, SHA256, changelog URL + * Migration v340-v344: all new columns synced + * feat(updates): Update Server system (renamed from "Licensing") + * Joomla XML with SHA256, changelog URL, version from asset filename * Dolibarr JSON with channel filtering * WordPress PUC-compatible JSON (plugin-update-checker) * Composer packages.json * PrestaShop module update XML * Drupal update status XML * WHMCS module update JSON - * feat(updates): feed always public — downloads gated separately - * feat(updates): stream-name tags supported alongside version tags - * feat(updates): version extraction via regex from release titles - * feat(updates): infourl defaults to release listing / support URL - * feat(updates): downloadkey prefix matches Akeeba pattern (dlid=) + * Feed always public — downloads gated separately + * Stream-name tags supported alongside version tags + * Omit `` for package extension types + * No `` when require_key is off * feat(orgs): enterprise sub-org hierarchy with parent-child relationships * feat(repos): three-level visibility — Public (200), Private (403), Hidden (404) - * feat(settings): separate licensing settings page (/settings/licensing) - * feat(settings): advanced settings on dedicated page (/settings/advanced) - * feat(settings): section headers with dividers and icons - * feat(ui): icons on all settings navbars (repo, org, user, admin) + * feat(settings): Update Server settings page with enable toggle in Advanced Settings + * feat(settings): advanced settings on dedicated page with dividing headers + * feat(settings): icons on all settings navbars (repo, org, user, admin) * feat(ui): styled 403 Access Denied page with inline login form - * feat(ui): open-in-new-tab button on feed URLs + * feat(issues): custom fields foundation — model, migration, settings UI * SECURITY * fix(security): ownership guards on all API handlers (cross-org prevention) * fix(security): RepoScope JSON parsing (substring matching bug) @@ -55,48 +53,45 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * fix(security): licensed private repos allow release viewing for signed-in users * fix(security): anonymous download access respects download_gating setting * FIXES - * fix(licenses): expanded delete permissions to org owners + site admins * fix(licenses): explicit xorm column names for UpdateStreamConfig fields * fix(licenses): feed always public when licensing enabled + * fix(settings): prevent double-highlight on Advanced Settings nav item + * fix(settings): redirect back to /settings/advanced after save + * fix(build): remove stale custom field API routes and dead code + * fix(build): replace invalid UTF-8 character in API comment * fix(build): permanent fixes for AI migration, feed/file.go, unused imports + * fix(updateserver): version extracted from asset filename (not release title) + * fix(updateserver): omit `` for package types per Joomla spec -## [v1.26.1-moko.05.15.00] - 2026-05-31 +## [v1.26.1-moko.05] - 2026-05-31 * BREAKING CHANGES * Deprecated Issue.Ref branch selector UI (#307) * Removed branch/tag selector from issue sidebar and new issue form - * Removed ref badge from issue lists - * Removed POST /ref web route and UpdateIssueRef handler * DB column and commit-close logic preserved for backward compatibility - * API create/edit still accept `ref` field (no-op) for backward compat * FEATURES - * feat(ui): add generic combo-multiselect component (#361) + * feat(ui): generic combo-multiselect component (#361) * Reusable dropdown with search, checkable items, and selected-items display - * Template: `shared/combolist.tmpl` — accepts Items, Name, Title, SelectedValues - * Decoupled from issue sidebar — works in any form context + * Template: `shared/combolist.tmpl` * feat(updates): extension metadata settings for update feed generation * feat(licenses): platform enforcement, key deletion, expired key cleanup - * feat(licenses): store keys in plaintext, show full key with copy button + * feat(actions): rebrand actions bot user to mokogitea-actions (#233, #234) + * Backward-compatible: recognizes github-actions[bot], gitea-actions[bot] + * feat(actions): actions bot user in branch protection whitelist (#233, #234) + * WhitelistActionsUser, MergeWhitelistActionsUser, ForcePushAllowlistActionsUser * TECH DEBT - * chore: full namespace migration from git.mokoconsulting.tech to code.mokoconsulting.tech (#336, #337, #344) - * Go module path, all imports, template URLs, workflow configs (2,276 files) + * chore: full namespace migration to code.mokoconsulting.tech (#336, #337, #344) * fix(blame): set HasSourceRenderedToggle for renderable files (#344) - * fix(settings): translate team permission strings via data-locale attributes (#344) + * fix(settings): translate team permission strings via data-locale (#344) * fix(dropzone): use relative path for non-image attachment markdown links (#344) * fix(templates): add required validation to issue dropdown fields (#350) - * refactor(ts): remove redundant `handled` field from MarkdownHandleIndentionResult (#350) - * refactor(go): rename HasOrgOrUserVisible to IsOwnerVisibleToDoer (#350) * refactor(go): replace ValuesRepository with maps.Values (Go 1.21+) (#357) - * refactor(go): remove CanEnableEditor wrapper, use CanContentChange directly (#357) - * fix(ts): parseIssueHref now uses URL pathname and trims appSubUrl (#360) - * fix(actions): enforce MaxJobNumPerRun (256) limit when creating jobs (#360) + * refactor(go): remove CanEnableEditor wrapper (#357) + * fix(ts): parseIssueHref uses URL pathname and trims appSubUrl (#360) + * fix(actions): enforce MaxJobNumPerRun (256) limit (#360) * fix(css): use calc(infinity * 1px) for --border-radius-full (#361) - * fix(css): remove legacy .center class from 2015, replace with tw-text-center (#361) - * chore: remove stale TODO from OAuth2 regenerate secret (already implemented) (#332) - * chore: remove stale pull request test stub TODOs (#328) - * chore: remove stale GetProjectsMode TODO - * chore: remove stale mustNotBeArchived/mustEnableEditor FIXME from API - * fix(routes): remove dead legacy /cherry-pick/{sha} route (replaced by /_cherrypick/) + * fix(css): remove legacy .center class, replace with tw-text-center (#361) + * fix(routes): remove dead legacy /cherry-pick/{sha} route * fix(feed): use full ref name instead of ShortName for file feed revision * BUGFIXES * fix(build): use slices.Collect for maps.Values (Go 1.23+ compat) @@ -104,25 +99,10 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * fix(licenses): only show licenses tab when licensing is enabled * fix(licenses): show feed URLs based on repo update platform setting * fix(updates): correct dlid prefix and align XML with Joomla standard - -## [v1.26.1-moko.05.06.00] - 2026-05-30 - -* FEATURES - * feat(actions): rebrand actions bot user to mokogitea-actions (#233, #234) - * Name: gitea-actions → mokogitea-actions, FullName: MokoGitea Actions - * Email: mokogitea-actions[bot]@mokoconsulting.tech - * Backward-compatible: recognizes github-actions[bot], gitea-actions[bot], mokogitea-actions[bot] - * feat(actions): add actions bot user to branch protection whitelist (#233, #234) - * New toggles: WhitelistActionsUser, MergeWhitelistActionsUser, ForcePushAllowlistActionsUser - * Allows CI/CD workflows to push/merge/force-push to protected branches when enabled - * DB migration v334 adds the three boolean columns - * Exposed in API (create/edit branch protection) and web UI settings * INFRASTRUCTURE * fix(ci): auto-deploy to production on merge to main (#235) - * Deploy workflow now triggers on push to main, not just manual dispatch - * Version derived from git describe for auto-deploys -## [v1.26.1-moko.04.00.00] - 2026-05-24 +## [v1.26.1-moko.04] - 2026-05-24 * SECURITY * Backport 12 upstream v1.26.2 security fixes: @@ -131,47 +111,38 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * OAuth PKCE hardening and refresh token replay protection (#142) * Wiki git write and LFS token access enforcement (#143) * Public-only token filtering in API queries (#144) - * Reading permission fix (#145) * Artifact signature payload hardening (#146) * AWS credentials encryption (#161) * Mermaid v11.15.0 security update (#162) * Composer package permission check (#164) * BUGFIXES * fix(actions): nil pointer dereference in concurrency during PR creation (#136) - * fix(ui): actions runs list broken row layout — CSS class mismatch (#138) - * fix: scheduled action panic with null event payload (upstream #37459) - * fix: treat email addresses case-insensitively (upstream #37600) + * fix(ui): actions runs list broken row layout (#138) + * fix: scheduled action panic with null event payload + * fix: treat email addresses case-insensitively * fix: .mod lexer panic — removed invalid AMPL mapping - * fix: remove unused setting import in action.go - * fix: restore Permission field access in context middleware * FEATURES - * Joomla-style updates.xml with channel selection (stable/dev/security/rc) - * Update checker reads from updates.xml with configurable CHANNEL setting - * Admin dashboard shows update banner with channel name and docker pull command - * Upstream bug sync workflow — daily automated issue creation from release/v1.26 + * Joomla-style updates.xml with channel selection + * Update checker with configurable CHANNEL setting + * Admin dashboard update banner with docker pull command + * Upstream bug sync workflow — daily automated issue creation * PR RC release workflow — auto-build RC on PR to main * INFRASTRUCTURE * New 3-part versioning: v{upstream}-moko.{major}.{minor}.{patch} - * Branding updates: error pages, home page, settings link to MokoGitea + * Branding updates: error pages, home page, settings link * Deploy workflow updated for new version format * PROCESS * Created `type: bug` and `upstream` labels for automated issue tracking - * Deduplicated 19 duplicate feature request issues * Closed 24 upstream bug/security issues after backporting -## [MokoGitea Unreleased] +## [v1.26.1-moko.03] - 2026-05-15 * FEATURES - * feat(api): Bulk issue operations — add/remove/replace labels, close/reopen, set milestone, and set assignees across multiple issues in a single request (#21) - * `POST /api/v1/repos/{owner}/{repo}/issues/bulk/labels` - * `POST /api/v1/repos/{owner}/{repo}/issues/bulk/state` - * `POST /api/v1/repos/{owner}/{repo}/issues/bulk/milestone` - * `POST /api/v1/repos/{owner}/{repo}/issues/bulk/assignees` - * Partial-failure support: returns per-issue success/failure map + * feat(api): Bulk issue operations — add/remove/replace labels, close/reopen, set milestone, assignees (#21) * INFRASTRUCTURE - * Grafana: Standardized kiosk header across all 14 playlist dashboards — each now shows dashboard name, kiosk link, terminal/exit/switch instructions + * Grafana: Standardized kiosk header across all 14 playlist dashboards * PROCESS - * Reopened 9 closed issues lacking documented testing proof (#3, #5, #38, #41, #70, #74, #75, #76, #78) + * Reopened 9 closed issues lacking documented testing proof * Created `pending: testing` label for features awaiting verification * Established policy: issues must not be closed without documented testing proof @@ -196,403 +167,3 @@ been added to each release, please refer to the [blog](https://blog.gitea.com). * Fix org team assignee/reviewer lookups for team member permissions (#37365) #37391 * Fix repo init README EOL (#37388) #37399 * Fix: dump with default zip type produces uncompressed zip (#37401)#37402 - -## [1.26.0](https://github.com/go-gitea/gitea/releases/tag/v1.26.0) - 2026-04-17 - -* BREAKING - * Correct swagger annotations for enums, status codes, and notification state (#37030) - * Remove GET API registration-token (#36801) - * Support Actions `concurrency` syntax (#32751) - * Make PUBLIC_URL_DETECTION default to "auto" (#36955) -* SECURITY - * Bound PageSize in `ListUnadoptedRepositories` (#36884) -* FEATURES - * Support Actions `concurrency` syntax (#32751) - * Add terraform state registry (#36710) - * Instance-wide (global) info banner and maintenance mode (#36571) - * Support rendering OpenAPI spec (#36449) - * Add keyboard shortcuts for repository file and code search (#36416) - * Add support for archive-upload rpc (#36391) - * Add ability to download subpath archive (#36371) - * Add workflow dependencies visualization (#26062) (#36248) & Restyle Workflow Graph (#36912) - * Automatic generation of release notes (#35977) - * Add "Go to file", "Delete Directory" to repo file list page (#35911) - * Introduce "config edit-ini" sub command to help maintaining INI config file (#35735) - * Add button to re-run failed jobs in Actions (#36924) - * Support actions and reusable workflows from private repos (#32562) - * Add summary to action runs view (#36883) - * Add user badges (#36752) - * Add configurable permissions for Actions automatic tokens (#36173) - * Add per-runner "Disable/Pause" (#36776) - * Feature non-zipped actions artifacts (action v7 / nodejs / npm v6.2.0) (#36786) -* PERFORMANCE - * WorkflowDispatch API optionally return runid (#36706) - * Add render cache for SVG icons (#36863) - * Load `mentionValues` asynchronously (#36739) - * Lazy-load some Vue components, fix heatmap chunk loading on every page (#36719) - * Load heatmap data asynchronously (#36622) - * Use prev/next pagination for user profile activities page to speed up (#36642) - * Refactor cat-file batch operations and support `--batch-command` approach (#35775) - * Use merge tree to detect conflicts when possible (#36400) -* ENHANCEMENTS - * Implement logout redirection for reverse proxy auth setups (#36085) (#37171) - * Adds option to force update new branch in contents routes (#35592) - * Add viewer controller for mermaid (zoom, drag) (#36557) - * Add code editor setting dropdowns (#36534) - * Add `elk` layout support to mermaid (#36486) - * Add resolve/unresolve review comment API endpoints (#36441) - * Allow configuring default PR base branch (fixes #36412) (#36425) - * Add support for RPM Errata (updateinfo.xml) (#37125) - * Require additional user confirmation for making repo private (#36959) - * Add `actions.WORKFLOW_DIRS` setting (#36619) - * Avoid opening new tab when downloading actions logs (#36740) - * Implements OIDC RP-Initiated Logout (#36724) - * Show workflow link (#37070) - * Desaturate dark theme background colors (#37056) - * Refactor "org teams" page and help new users to "add member" to an org (#37051) - * Add webhook name field to improve webhook identification (#37025) (#37040) - * Make task list checkboxes clickable in the preview tab (#37010) - * Improve severity labels in Actions logs and tweak colors (#36993) - * Linkify URLs in Actions workflow logs (#36986) - * Allow text selection on checkbox labels (#36970) - * Support dark/light theme images in markdown (#36922) - * Enable native dark mode for swagger-ui (#36899) - * Rework checkbox styling, remove `input` border hover effect (#36870) - * Refactor storage content-type handling of ServeDirectURL (#36804) - * Use "Enable Gravatar" but not "Disable" (#36771) - * Use case-insensitive matching for Git error "Not a valid object name" (#36728) - * Add "Copy Source" to markup comment menu (#36726) - * Change image transparency grid to CSS (#36711) - * Add "Run" prefix for unnamed action steps (#36624) - * Persist actions log time display settings in `localStorage` (#36623) - * Use first commit title for multi-commit PRs and fix auto-focus title field (#36606) - * Improve BuildCaseInsensitiveLike with lowercase (#36598) - * Improve diff highlighting (#36583) - * Exclude cancelled runs from failure-only email notifications (#36569) - * Use full-file highlighting for diff sections (#36561) - * Color command/error logs in Actions log (#36538) - * Add paging headers (#36521) - * Improve timeline entries for WIP prefix changes in pull requests (#36518) - * Add FOLDER_ICON_THEME configuration option (#36496) - * Normalize guessed languages for code highlighting (#36450) - * Add chunked transfer encoding support for LFS uploads (#36380) - * Indicate when only optional checks failed (#36367) - * Add 'allow_maintainer_edit' API option for creating a pull request (#36283) - * Support closing keywords with URL references (#36221) - * Improve diff file headers (#36215) - * Fix and enhance comment editor monospace toggle (#36181) - * Add git.DIFF_RENAME_SIMILARITY_THRESHOLD option (#36164) - * Add matching pair insertion to markdown textarea (#36121) - * Add sorting/filtering to admin user search API endpoint (#36112) - * Allow action user have read permission in public repo like other user (#36095) - * Disable matchBrackets in monaco (#36089) - * Use GitHub-style commit message for squash merge (#35987) - * Make composer registry support tar.gz and tar.bz2 and fix bugs (#35958) - * Add GITEA_PR_INDEX env variable to githooks (#35938) - * Add proper error message if session provider can not be created (#35520) - * Add button to copy file name in PR files (#35509) - * Move `X_FRAME_OPTIONS` setting from `cors` to `security` section (#30256) - * Add placeholder content for empty content page (#37114) - * Add `DEFAULT_DELETE_BRANCH_AFTER_MERGE` setting (#36917) - * Redirect to the only OAuth2 provider when no other login methods and fix various problems (#36901) - * Add admin badge to navbar avatar (#36790) - * Add `never` option to `PUBLIC_URL_DETECTION` configuration (#36785) - * Add background and run count to actions list page (#36707) - * Add icon to buttons "Close with Comment", "Close Pull Request", "Close Issue" (#36654) - * Add support for in_progress event in workflow_run webhook (#36979) - * Report commit status for pull_request_review events (#36589) - * Render merged pull request title as such in dashboard feed (#36479) - * Feature to be able to filter project boards by milestones (#36321) - * Use user id in noreply emails (#36550) - * Enable pagination on GiteaDownloader.getIssueReactions() (#36549) - * Remove striped tables in UI (#36509) - * Improve control char rendering and escape button styling (#37094) - * Support legacy run/job index-based URLs and refactor migration 326 (#37008) - * Add date to "No Contributions" tooltip (#36190) - * Show edit page confirmation dialog on tree view file change (#36130) - * Mention proc-receive in text for dashboard.resync_all_hooks func (#35991) - * Reuse selectable style for wiki (#35990) - * Support blue yellow colorblind theme (#35910) - * Support selecting theme on the footer (#35741) - * Improve online runner check (#35722) - * Add quick approve button on PR page (#35678) - * Enable commenting on expanded lines in PR diffs (#35662) - * Print PR-Title into tooltip for actions (#35579) - * Use explicit, stronger defaults for newly generated repo signing keys for Debian (#36236) - * Improve the compare page (#36261) - * Unify repo names in system notices (#36491) - * Move package settings to package instead of being tied to version (#37026) - * Add Actions API rerun endpoints for runs and jobs (#36768) - * Add branch_count to repository API (#35351) (#36743) - * Add created_by filter to SearchIssues (#36670) - * Allow admins to rename non-local users (#35970) - * Support updating branch via API (#35951) - * Add an option to automatically verify SSH keys from LDAP (#35927) - * Make "update file" API can create a new file when SHA is not set (#35738) - * Update issue.go with labels documentation (labels content, not ids) (#35522) - * Expose content_version for optimistic locking on issue and PR edits (#37035) - * Pass ServeHeaderOptions by value instead of pointer, fine tune httplib tests (#36982) -* BUGFIXES - * Frontend iframe renderer framework: 3D models, OpenAPI (#37233) (#37273) - * Fix CODEOWNERS absolute path matching. (#37244) (#37264) - * Swift registry metadata: preserve more JSON fields and accept empty metadata (#37254) (#37261) - * Fix user ssh key exporting and tests (#37256) (#37258) - * Fix team member avatar size and add tooltip (#37253) - * Fix commit title rendering in action run and blame (#37243) (#37251) - * Fix corrupted JSON caused by goccy library (#37214) (#37220) - * Add test for "fetch redirect", add CSS value validation for external render (#37207) (#37216) - * Fix incorrect concurrency check (#37205) (#37215) - * Fix handle missing base branch in PR commits API (#37193) (#37203) - * Fix encoding for Matrix Webhooks (#37190) (#37201) - * Fix handle fork-only commits in compare API (#37185) (#37199) - * Indicate form field readonly via background, fix RunUser config (#37175, #37180) (#37178) - * Report structurally invalid workflows to users (#37116) (#37164) - * Fix API not persisting pull request unit config when has_pull_requests is not set (#36718) - * Rename CSS variables and improve colorblind themes (#36353) - * Hide `add-matcher` and `remove-matcher` from actions job logs (#36520) - * Prevent navigation keys from triggering actions during IME composition (#36540) - * Fix vertical alignment of `.commit-sign-badge` children (#36570) - * Fix duplicate startup warnings in admin panel (#36641) - * Fix CODEOWNERS review request attribution using comment metadata (#36348) - * Fix HTML tags appearing in wiki table of contents (#36284) - * Fix various bugs (#37096) - * Fix various legacy problems (#37092) - * Fix RPM Registry 404 when package name contains 'package' (#37087) - * Merge some standalone Vite entries into index.js (#37085) - * Fix various problems (#37077) - * Fix issue label deletion with Actions tokens (#37013) - * Hide delete branch or tag buttons in mirror or archived repositories. (#37006) - * Fix org contact email not clearable once set (#36975) - * Fix a bug when forking a repository in an organization (#36950) - * Preserve sort order of exclusive labels from template repo (#36931) - * Make container registry support Apple Container (basic auth) (#36920) - * Fix the wrong push commits in the pull request when force push (#36914) - * Add class "list-header-filters" to the div for projects (#36889) - * Fix dbfs error handling (#36844) - * Fix incorrect viewed files counter if reverted change was viewed (#36819) - * Refactor avatar package, support default avatar fallback (#36788) - * Fix README symlink resolution in subdirectories like .github (#36775) - * Fix CSS stacking context issue in actions log (#36749) - * Add gpg signing for merge rebase and update by rebase (#36701) - * Delete non-exist branch should return 404 (#36694) - * Fix `TestActionsCollaborativeOwner` (#36657) - * Fix multi-arch Docker build SIGILL by splitting frontend stage (#36646) - * Fix linguist-detectable attribute being ignored for configuration files (#36640) - * Fix state desync in ComboMarkdownEditor (#36625) - * Unify DEFAULT_SHOW_FULL_NAME output in templates and dropdown (#36597) - * Pull Request Pusher should be the author of the merge (#36581) - * Fix various version parsing problems (#36553) - * Fix highlight diff result (#36539) - * Fix mirror sync parser and fix mirror messages (#36504) - * Fix bug when list pull request commits (#36485) - * Fix various bugs (#36446) - * Fix issue filter menu layout (#36426) - * Restrict branch naming when new change matches with protection rules (#36405) - * Fix link/origin referrer and login redirect (#36279) - * Generate IDs for HTML headings without id attribute (#36233) - * Use a migration test instead of a wrong test which populated the meta test repositories and fix a migration bug (#36160) - * Fix issue close timeline icon (#36138) - * Fix diff blob excerpt expansion (#35922) - * Fix external render (#35727) - * Fix review request webhook bug (#35339) (#35723) - * Fix shutdown waitgroup panic (#35676) - * Cleanup ActionRun creation (#35624) - * Fix possible bug when migrating issues/pull requests (#33487) - * Various fixes (#36697) - * Apply notify/register mail flags during install load (#37120) - * Repair duration display for bad stopped timestamps (#37121) - * Fix(upgrade.sh): use HTTPS for GPG key import and restore SELinux context after upgrade (#36930) - * Fix various trivial problems (#36921) - * Fix various trivial problems (#36953) - * Fix NuGet package upload error handling (#37074) - * Fix CodeQL code scanning alerts (#36858) - * Refactor issue sidebar and fix various problems (#37045) - * Fix various problems (#37029) - * Fix relative-time RangeError (#37021) - * Fix chroma lexer mapping (#36629) - * Fix typos and grammar in English locale (#36751) - * Fix milestone/project text overflow in issue sidebar (#36741) - * Fix `no-content` message not rendering after comment edit (#36733) - * Fix theme loading in development (#36605) - * Fix workflow run jobs API returning null steps (#36603) - * Fix timeline event layout overflow with long content (#36595) - * Fix minor UI issues in runner edit page (#36590) - * Fix incorrect vendored detections (#36508) - * Fix editorconfig not respected in PR Conversation view (#36492) - * Don't create self-references in merged PRs (#36490) - * Fix potential incorrect runID in run status update (#36437) - * Fix file-tree ui error when adding files to repo without commits (#36312) - * Improve image captcha contrast for dark mode (#36265) - * Fix panic in blame view when a file has only a single commit (#36230) - * Fix spelling error in migrate-storage cmd utility (#36226) - * Fix code highlighting on blame page (#36157) - * Fix nilnil in onedev downloader (#36154) - * Fix actions lint (#36029) - * Fix oauth2 session gob register (#36017) - * Fix Arch repo pacman.conf snippet (#35825) - * Fix a number of `strictNullChecks`-related issues (#35795) - * Fix URLJoin, markup render link reoslving, sign-in/up/linkaccount page common data (#36861) - * Hide delete directory button for mirror or archive repository and disable the menu item if user have no permission (#36384) - * Update message severity colors, fix navbar double border (#37019) - * Inline and lazy-load EasyMDE CSS, fix border colors (#36714) - * Closed milestones with no issues now show as 100% completed (#36220) - * Add test for ExtendCommentTreePathLength migration and fix bugs (#35791) - * Only turn links to current instance into hash links (#36237) - * Fix typos in code comments: doesnt, dont, wont (#36890) -* REFACTOR - * Clean up and improve non-gitea js error filter (#37148) (#37155) - * Always show owner/repo name in compare page dropdowns (#37172) (#37200) - * Remove dead CSS rules (#37173) (#37177) - * Replace Monaco with CodeMirror (#36764) - * Replace CSRF cookie with `CrossOriginProtection` (#36183) - * Replace index with id in actions routes (#36842) - * Remove unnecessary function parameter (#35765) - * Move jobparser from act repository to Gitea (#36699) - * Refactor compare router param parse (#36105) - * Optimize 'refreshAccesses' to perform update without removing then adding (#35702) - * Clean up checkbox cursor styles (#37016) - * Remove undocumented support of signing key in the repository git configuration file (#36143) - * Switch `cmd/` to use constructor functions. (#36962) - * Use `relative-time` to render absolute dates (#36238) - * Some refactors about GetMergeBase (#36186) - * Some small refactors (#36163) - * Use gitRepo as parameter instead of repopath when invoking sign functions (#36162) - * Move blame to gitrepo (#36161) - * Move some functions to gitrepo package to reduce RepoPath reference directly (#36126) - * Use gitrepo's clone and push when possible (#36093) - * Remove mermaid margin workaround (#35732) - * Move some functions to gitrepo package (#35543) - * Move GetDiverging functions to gitrepo (#35524) - * Use global lock instead of status pool for cron lock (#35507) - * Use explicit mux instead of DefaultServeMux (#36276) - * Use gitrepo's push function (#36245) - * Pass request context to generateAdditionalHeadersForIssue (#36274) - * Move assign project when creating pull request to the same database transaction (#36244) - * Move catfile batch to a sub package of git module (#36232) - * Use gitrepo.Repository instead of wikipath (#35398) - * Use experimental go json v2 library (#35392) - * Refactor template render (#36438) - * Refactor GetRepoRawDiffForFile to avoid unnecessary pipe or goroutine (#36434) - * Refactor text utility classes to Tailwind CSS (#36703) - * Refactor git command stdio pipe (#36422) - * Refactor git command context & pipeline (#36406) - * Refactor git command stdio pipe (#36393) - * Remove unused functions (#36672) - * Refactor Actions Token Access (#35688) - * Move commit related functions to gitrepo package (#35600) - * Move archive function to repo_model and gitrepo (#35514) - * Move some functions to gitrepo package (#35503) - * Use git model to detect whether branch exist instead of gitrepo method (#35459) - * Some refactor for repo path (#36251) - * Extract helper functions from SearchIssues (#36158) - * Refactor merge conan and container auth preserve actions taskID (#36560) - * Refactor Nuget Auth to reuse Basic Auth Token Validation (#36558) - * Refactor ActionsTaskID (#36503) - * Refactor auth middleware (#36848) - * Refactor code render and render control chars (#37078) - * Clean up AppURL, remove legacy origin-url webcomponent (#37090) - * Remove `util.URLJoin` and replace all callers with direct path concatenation (#36867) - * Replace legacy tw-flex utility classes with flex-text-block/inline (#36778) - * Mark unused&immature activitypub as "not implemented" (#36789) -* TESTING - * Add e2e tests for server push events (#36879) - * Rework e2e tests (#36634) - * Add e2e reaction test, improve accessibility, enable parallel testing (#37081) - * Increase e2e test timeouts on CI to fix flaky tests (#37053) -* BUILD - * Upgrade go-git to v5.18.0 (#37269) - * Replace rollup-plugin-license with rolldown-license-plugin (#37130) (#37158) - * Bump min go version to 1.26.2 (#37139) (#37143) - * Convert locale files from ini to json format (#35489) - * Bump golangci-lint to 2.7.2, enable modernize stringsbuilder (#36180) - * Port away from `flake-utils` (#35675) - * Remove nolint (#36252) - * Update the Unlicense copy to latest version (#36636) - * Update to go 1.26.0 and golangci-lint 2.9.0 (#36588) - * Replace `google/go-licenses` with custom generation (#36575) - * Update go dependencies (#36548) - * Bump appleboy/git-push-action from 1.0.0 to 1.2.0 (#36306) - * Remove fomantic form module (#36222) - * Bump setup-node to v6, re-enable cache (#36207) - * Bump crowdin/github-action from 1 to 2 (#36204) - * Revert "Bump alpine to 3.23 (#36185)" (#36202) - * Update chroma to v2.21.1 (#36201) - * Bump astral-sh/setup-uv from 6 to 7 (#36198) - * Bump docker/build-push-action from 5 to 6 (#36197) - * Bump aws-actions/configure-aws-credentials from 4 to 5 (#36196) - * Bump dev-hanz-ops/install-gh-cli-action from 0.1.0 to 0.2.1 (#36195) - * Add JSON linting (#36192) - * Enable dependabot for actions (#36191) - * Bump alpine to 3.23 (#36185) - * Update chroma to v2.21.0 (#36171) - * Update JS deps and eslint enhancements (#36147) - * Update JS deps (#36091) - * update golangci-lint to v2.7.0 (#36079) - * Update JS deps, fix deprecations (#36040) - * Update JS deps (#35978) - * Add toolchain directive to go.mod (#35901) - * Move `gitea-vet` to use `go tool` (#35878) - * Update to go 1.25.4 (#35877) - * Enable TypeScript `strictNullChecks` (#35843) - * Enable `vue/require-typed-ref` eslint rule (#35764) - * Update JS dependencies (#35759) - * Move `codeformat` folder to tools (#35758) - * Update dependencies (#35733) - * Bump happy-dom from 20.0.0 to 20.0.2 (#35677) - * Bump setup-go to v6 (#35660) - * Update JS deps, misc tweaks (#35643) - * Bump happy-dom from 19.0.2 to 20.0.0 (#35625) - * Use bundled version of spectral (#35573) - * Update JS and PY deps (#35565) - * Bump github.com/wneessen/go-mail from 0.6.2 to 0.7.1 (#35557) - * Migrate from webpack to vite (#37002) - * Update JS dependencies and misc tweaks (#37064) - * Update to eslint 10 (#36925) - * Optimize Docker build with dependency layer caching (#36864) - * Update JS deps (#36850) - * Update tool dependencies and fix new lint issues (#36702) - * Remove redundant linter rules (#36658) - * Move Fomantic dropdown CSS to custom module (#36530) - * Remove and forbid `@ts-expect-error` (#36513) - * Refactor git command stderr handling (#36402) - * Enable gocheckcompilerdirectives linter (#36156) - * Replace `lint-go-gopls` with additional `govet` linters (#36028) - * Update golangci-lint to v2.6.0 (#35801) - * Misc tool tweaks (#35734) - * Add cache to container build (#35697) - * Upgrade vite (#37126) - * Update `setup-uv` to v8.0.0 (#37101) - * Upgrade `go-git` to v5.17.2 and related dependencies (#37060) - * Raise minimum Node.js version to 22.18.0 (#37058) - * Upgrade `golang.org/x/image` to v0.38.0 (#37054) - * Update minimum go version to 1.26.1, golangci-lint to 2.11.2, fix test style (#36876) - * Enable eslint concurrency (#36878) - * Vendor relative-time-element as local web component (#36853) - * Update material-icon-theme v5.32.0 (#36832) - * Update Go dependencies (#36781) - * Upgrade minimatch (#36760) - * Remove i18n backport tool at the moment because of translation format changed (#36643) - * Update emoji data for Unicode 16 (#36596) - * Update JS dependencies, adjust webpack config, misc fixes (#36431) - * Update material-icon-theme to v5.31.0 (#36427) - * Update JS and PY deps (#36383) - * Bump alpine to 3.23, add platforms to `docker-dryrun` (#36379) - * Update JS deps (#36354) - * Update goldmark to v1.7.16 (#36343) - * Update chroma to v2.22.0 (#36342) -* DOCS - * Update AI Contribution Policy (#37022) - * Update AGENTS.md with additional guidelines (#37018) - * Add missing cron tasks to example ini (#37012) - * Add AI Contribution Policy to CONTRIBUTING.md (#36651) - * Minor punctuation improvement in CONTRIBUTING.md (#36291) - * Add documentation for markdown anchor post-processing (#36443) -* MISC - * Correct spelling (#36783) - * Update Nix flake (#37110) - * Update Nix flake (#37024) - * Add valid github scopes (#36977) - * Update Nix flake (#36943) - * Update Nix flake (#36902) - * Update Nix flake (#36857) - * Update Nix flake (#36787)