Accepting request 1218913 from devel:tools:scm

- update to 9.0.1: * Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing attacks. * Because of a missing permission check, the branch used to propose a pull request to a repository can always be deleted by the user performing the merge. * Fix boolean inputs in workflow_dispatch * package arch database not updating when uploading "any" architecture * correct SQL query for active issues * specify default value for EXPLORE_DEFAULT_SORT. * fix: Add recentupdated as recognized sort option * Update dependency mermaid to v11.3.0 (v9.0/forgejo) * Always update expiration time when creating an artifact * Update scheduled tasks even if changes are pushed by "ActionsUser" * Fix disable 2fa bug * i18n: update of translations from Codeberg Translate * fix: make branch protection work for new branches * link to security policy in security.txt * fix: don't show truncated comments in RSS/Atom feeds * fix: typo on releases for source code downloads * Revert "add gap between branch dropdown and PR button" * fix: Don't double escape delete branch text * fix: Add server logging for OAuth server errors * forgejo-cli is now a symlink and cannot be used for sanity checks * fix: correct documentation for non 200 responses in swagger - forgejo is since 9.0.0 GPL-3.0-or-later (forwarded request 1218912 from rrahl0) OBS-URL: https://build.opensuse.org/request/show/1218913 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/forgejo?expand=0&rev=18
2024-10-29 13:35:58 +00:00 · 2024-10-29 13:35:58 +00:00 · 24f0157146
commit 24f0157146
parent f38a5bd8a9 ce6404f852
9 changed files with 55 additions and 24 deletions
--- a/forgejo-src-9.0.0.tar.gz
+++ b/forgejo-src-9.0.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:21364d6c1635711189f25da5dc343b3b28e8ade20a5f00202301ccc364adc1d2
-size 53905348
--- a/forgejo-src-9.0.0.tar.gz.asc
+++ b/forgejo-src-9.0.0.tar.gz.asc
@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZw/5ogAKCRCkthotxZI3
-EKC/AP9zdT9HGtdr1R84h8wJfMQryhV2VHQ0DZIvHL3OJU1OgAEAmT7X00H/MgRB
-oNnConnjMe+xLtIntIFitFFXd971oQ0=
-=JQRz
-----END PGP SIGNATURE-----
--- a/forgejo-src-9.0.1.tar.gz
+++ b/forgejo-src-9.0.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6748c49677374947eb619b13f9ede983682ae117b8c0405442cc9afc847c4040
+size 53961959
--- a/forgejo-src-9.0.1.tar.gz.asc
+++ b/forgejo-src-9.0.1.tar.gz.asc
@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+
+iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZx+nywAKCRCkthotxZI3
+ENlLAQCGXdYLfhCxIU8bKx+n2hvTvkbJPmPxs7FVhDtggAuq5gEAxubIGrthDqw9
+Qr9g7bvuMR7solGMkjzsB73IHqMsXwU=
+=g0qb
+-----END PGP SIGNATURE-----
--- a/forgejo.changes
+++ b/forgejo.changes
@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Mon Oct 28 17:09:05 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>
+
+- update to 9.0.1:
+  * Forgejo generates a token which is used to authenticate web endpoints that
+    are only meant to be used internally, for instance when the SSH daemon is
+    used to push a commit with Git. The verification of this token was not done
+    in constant time and was susceptible to timing attacks.
+  * Because of a missing permission check, the branch used to propose a pull
+    request to a repository can always be deleted by the user performing the merge.
+  * Fix boolean inputs in workflow_dispatch
+  * package arch database not updating when uploading "any" architecture
+  * correct SQL query for active issues
+  * specify default value for EXPLORE_DEFAULT_SORT.
+  * fix: Add recentupdated as recognized sort option
+  * Update dependency mermaid to v11.3.0 (v9.0/forgejo)
+  * Always update expiration time when creating an artifact
+  * Update scheduled tasks even if changes are pushed by "ActionsUser"
+  * Fix disable 2fa bug
+  * i18n: update of translations from Codeberg Translate
+  * fix: make branch protection work for new branches
+  * link to security policy in security.txt
+  * fix: don't show truncated comments in RSS/Atom feeds
+  * fix: typo on releases for source code downloads
+  * Revert "add gap between branch dropdown and PR button"
+  * fix: Don't double escape delete branch text
+  * fix: Add server logging for OAuth server errors
+  * forgejo-cli is now a symlink and cannot be used for sanity checks
+  * fix: correct documentation for non 200 responses in swagger
+- forgejo is since 9.0.0 GPL-3.0-or-later
+
 -------------------------------------------------------------------
 Thu Oct 17 14:52:33 UTC 2024 - Richard Rahl <rrahl0@opensuse.org>

--- a/forgejo.spec
+++ b/forgejo.spec
@ -30,10 +30,10 @@
 %endif
 %endif
 Name:           forgejo
-Version:        9.0.0
+Version:        9.0.1
 Release:        0
 Summary:        Self-hostable forge
-License:        MIT
+License:        GPL-3.0-or-later
 Group:          Development/Tools/Version Control
 URL:            https://forgejo.org
 Source0:        https://codeberg.org/%{name}/%{name}/releases/download/v%{version}/%{name}-src-%{version}.tar.gz
--- a/node_modules.obscpio
+++ b/node_modules.obscpio
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:27e35637ddfb2538a3ecbfa261eb88e93fe9fb1c04cb450aeaa179e09e220e01
-size 210178992
+oid sha256:b424002185eb0cfdfd4595ae155c0b8ab1574bc92c67bcaedeca2bdecd78fe89
+size 210358804
--- a/node_modules.spec.inc
+++ b/node_modules.spec.inc
@ -514,7 +514,7 @@ Source10512:         https://registry.npmjs.org/dom-input-range/-/dom-input-rang
 Source10513:         https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz#/dom-serializer-2.0.0.tgz
 Source10514:         https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz#/domelementtype-2.3.0.tgz
 Source10515:         https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz#/domhandler-5.0.3.tgz
-Source10516:         https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz#/dompurify-3.1.7.tgz
+Source10516:         https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz#/dompurify-3.1.6.tgz
 Source10517:         https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz#/domutils-3.1.0.tgz
 Source10518:         https://registry.npmjs.org/dropzone/-/dropzone-6.0.0-beta.2.tgz#/dropzone-6.0.0-beta.2.tgz
 Source10519:         https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz#/eastasianwidth-0.2.0.tgz
@ -826,7 +826,7 @@ Source10824:         https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz#/mdurl-2
 Source10825:         https://registry.npmjs.org/meow/-/meow-13.2.0.tgz#/meow-13.2.0.tgz
 Source10826:         https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz#/merge-stream-2.0.0.tgz
 Source10827:         https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz#/merge2-1.4.1.tgz
-Source10828:         https://registry.npmjs.org/mermaid/-/mermaid-11.2.1.tgz#/mermaid-11.2.1.tgz
+Source10828:         https://registry.npmjs.org/mermaid/-/mermaid-11.3.0.tgz#/mermaid-11.3.0.tgz
 Source10829:         https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz#/micromatch-4.0.8.tgz
 Source10830:         https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz#/mime-db-1.52.0.tgz
 Source10831:         https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz#/mime-types-2.1.35.tgz
--- a/package-lock.json
+++ b/package-lock.json
@ -30,7 +30,7 @@
        "idiomorph": "0.3.0",
        "jquery": "3.7.1",
        "katex": "0.16.11",
-        "mermaid": "11.2.1",
+        "mermaid": "11.3.0",
        "mini-css-extract-plugin": "2.9.1",
        "minimatch": "10.0.1",
        "monaco-editor": "0.51.0",
@ -7514,9 +7514,9 @@
      }
    },
    "node_modules/dompurify": {
-      "version": "3.1.7",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz",
-      "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==",
+      "version": "3.1.6",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz",
+      "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==",
      "license": "(MPL-2.0 OR Apache-2.0)"
    },
    "node_modules/domutils": {
@ -11952,9 +11952,9 @@
      }
    },
    "node_modules/mermaid": {
-      "version": "11.2.1",
-      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.2.1.tgz",
-      "integrity": "sha512-F8TEaLVVyxTUmvKswVFyOkjPrlJA5h5vNR1f7ZnSWSpqxgEZG1hggtn/QCa7znC28bhlcrNh10qYaIiill7q4A==",
+      "version": "11.3.0",
+      "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.3.0.tgz",
+      "integrity": "sha512-fFmf2gRXLtlGzug4wpIGN+rQdZ30M8IZEB1D3eZkXNqC7puhqeURBcD/9tbwXsqBO+A6Nzzo3MSSepmnw5xSeg==",
      "license": "MIT",
      "dependencies": {
        "@braintree/sanitize-url": "^7.0.1",
@ -11967,7 +11967,7 @@
        "d3-sankey": "^0.12.3",
        "dagre-d3-es": "7.0.10",
        "dayjs": "^1.11.10",
-        "dompurify": "^3.0.11",
+        "dompurify": "^3.0.11 <3.1.7",
        "katex": "^0.16.9",
        "khroma": "^2.1.0",
        "lodash-es": "^4.17.21",