Accepting request 1175961 from home:rrahl0:upgrades

- update to 7.0.3:
  * CVE-2024-24788: a malformed DNS message in response to a query can
    cause the lookup functions to get stuck in an infinite loop
  * backticks in mermaid block diagram labels are not sanitized properly
  * migration of a repository from gogs fails when it is hosted at a subpath.
  * when creating an OAuth2 application the redirect URLs are not enforced to
    be mandatory
  * the API incorrectly excludes repositories where code is not enabled
  * "Allow edits from maintainers" cannot be modified via the pull request web UI
  * repository activity feeds (including RSS and Atom feeds) contain
    repeated activities
  * uploading maven packages with metadata being uploaded separately will fail
  * the mail notification sent about commits pushed to pull requests are empty
  * inline emails attachments are not properly handled when commenting on an
    issue via email
  * the links to .zip and tar.gz on the tag list web UI fail
  * expanding code diff while previewing a pull request before it is created fails
  * the CLI is not able to migrate Forgejo Actions artifacts
  * when adopting a repository, the default branch is not taken into account
  * when using reverse proxy authentication, logout will not be taken into
    account when immediately trying to login afterwards
  * pushing to the master branch of a sha256 repository fails
  * a very long project column name will make the action menu inaccessible
  * a useless error is displayed when the title of a merged pull request is
    modified
  * workflow badges are not working for workflows that are not running on push
    (such as scheduled workflows, and ones that run on tags and pull requests)

OBS-URL: https://build.opensuse.org/request/show/1175961
OBS-URL: https://build.opensuse.org/package/show/devel:tools:scm/forgejo?expand=0&rev=19
This commit is contained in:
Richard Rahl 2024-05-22 20:56:36 +00:00 committed by Git OBS Bridge
parent 15a49f0606
commit 7288b74937
10 changed files with 50 additions and 19 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:39b2079be7671f2248dcc36377ae20be65f20695d7f968ae227c0fc55dacca06
size 54862292

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZjO6FAAKCRCkthotxZI3
EG8/AQCcP2vaRefgRGo8VUhtRW5swivjyqfdDEs5cR0W8pBViAEAwInukGi78Ktw
as42wooc0bf0V8IKshGUV3/AnOK6FAE=
=lOwi
-----END PGP SIGNATURE-----

3
forgejo-src-7.0.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c9e85222eb27508e74a284cb125df7c6d7cfc31f52c62f1e305d2aeb1bdb7abc
size 54895104

View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTrEU9ebA3CvN0YNVCkthotxZI3EAUCZk4qfAAKCRCkthotxZI3
EK/FAP9m98DUdSUB+5LZFmha2VGPm1BtfeC3IMctTI1mpH3ARAD/RovDuiALj+MO
XGkkM8twN732GTGN+QvpSStcbUJCyQk=
=YTAy
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,34 @@
-------------------------------------------------------------------
Wed May 22 20:41:58 UTC 2024 - Richard Rahl <rrahl0@disroot.org>
- update to 7.0.3:
* CVE-2024-24788: a malformed DNS message in response to a query can
cause the lookup functions to get stuck in an infinite loop
* backticks in mermaid block diagram labels are not sanitized properly
* migration of a repository from gogs fails when it is hosted at a subpath.
* when creating an OAuth2 application the redirect URLs are not enforced to
be mandatory
* the API incorrectly excludes repositories where code is not enabled
* "Allow edits from maintainers" cannot be modified via the pull request web UI
* repository activity feeds (including RSS and Atom feeds) contain
repeated activities
* uploading maven packages with metadata being uploaded separately will fail
* the mail notification sent about commits pushed to pull requests are empty
* inline emails attachments are not properly handled when commenting on an
issue via email
* the links to .zip and tar.gz on the tag list web UI fail
* expanding code diff while previewing a pull request before it is created fails
* the CLI is not able to migrate Forgejo Actions artifacts
* when adopting a repository, the default branch is not taken into account
* when using reverse proxy authentication, logout will not be taken into
account when immediately trying to login afterwards
* pushing to the master branch of a sha256 repository fails
* a very long project column name will make the action menu inaccessible
* a useless error is displayed when the title of a merged pull request is
modified
* workflow badges are not working for workflows that are not running on push
(such as scheduled workflows, and ones that run on tags and pull requests)
-------------------------------------------------------------------
Fri May 3 00:35:37 UTC 2024 - Richard Rahl <rrahl0@disroot.org>

View File

@ -1,6 +1,6 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: Hostname:
Version: Hockeypuck 2.1.1-10-gec3b0e7
Version: Hockeypuck 2.2
xjMEY3T/yhYJKwYBBAHaRw8BAQdAVxqCQrSbpDNrx8CiTM8PUAVqdCyv2UmBDhpP
HZIpoIDNHUZvcmdlam8gPGNvbnRhY3RAZm9yZ2Vqby5vcmc+wsB+BBMWCgDmAhsD

View File

@ -30,7 +30,7 @@
%endif
%endif
Name: forgejo
Version: 7.0.2
Version: 7.0.3
Release: 0
Summary: Self-hostable forge
License: MIT

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:153a8bb7f7ea231d06759e4ebc681b06ecca9bb559f866b140b5f1d8a84cf922
size 185700044
oid sha256:f5ea0007b140d739de145225fce8a34d2e257d06891cdf39ca350e6bd3136236
size 185686620

View File

@ -665,7 +665,7 @@ Source10663: https://registry.npmjs.org/mdurl/-/mdurl-2.0.0.tgz#/mdurl-2
Source10664: https://registry.npmjs.org/meow/-/meow-13.2.0.tgz#/meow-13.2.0.tgz
Source10665: https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz#/merge-stream-2.0.0.tgz
Source10666: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz#/merge2-1.4.1.tgz
Source10667: https://registry.npmjs.org/mermaid/-/mermaid-10.9.0.tgz#/mermaid-10.9.0.tgz
Source10667: https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz#/mermaid-10.9.1.tgz
Source10668: https://registry.npmjs.org/micromark/-/micromark-3.2.0.tgz#/micromark-3.2.0.tgz
Source10669: https://registry.npmjs.org/micromark-core-commonmark/-/micromark-core-commonmark-1.1.0.tgz#/micromark-core-commonmark-1.1.0.tgz
Source10670: https://registry.npmjs.org/micromark-factory-destination/-/micromark-factory-destination-1.1.0.tgz#/micromark-factory-destination-1.1.0.tgz

8
package-lock.json generated
View File

@ -34,7 +34,7 @@
"jquery": "3.7.1",
"katex": "0.16.10",
"license-checker-webpack-plugin": "0.2.1",
"mermaid": "10.9.0",
"mermaid": "10.9.1",
"mini-css-extract-plugin": "2.8.1",
"minimatch": "9.0.3",
"monaco-editor": "0.47.0",
@ -8232,9 +8232,9 @@
}
},
"node_modules/mermaid": {
"version": "10.9.0",
"resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.0.tgz",
"integrity": "sha512-swZju0hFox/B/qoLKK0rOxxgh8Cf7rJSfAUc1u8fezVihYMvrJAS45GzAxTVf4Q+xn9uMgitBcmWk7nWGXOs/g==",
"version": "10.9.1",
"resolved": "https://registry.npmjs.org/mermaid/-/mermaid-10.9.1.tgz",
"integrity": "sha512-Mx45Obds5W1UkW1nv/7dHRsbfMM1aOKA2+Pxs/IGHNonygDHwmng8xTHyS9z4KWVi0rbko8gjiBmuwwXQ7tiNA==",
"dependencies": {
"@braintree/sanitize-url": "^6.0.1",
"@types/d3-scale": "^4.0.3",