Replace dropzone with @deltablot/dropzone (#37237)#37247
Closed
Copilot wants to merge 41 commits intorelease/v1.26from
Closed
Replace dropzone with @deltablot/dropzone (#37237)#37247Copilot wants to merge 41 commits intorelease/v1.26from
dropzone with @deltablot/dropzone (#37237)#37247Copilot wants to merge 41 commits intorelease/v1.26from
Conversation
Fixes #36512 This PR adds a new API endpoint to delete all repositories within an organization in a single operation, improving efficiency for organization cleanup and management tasks. --------- Signed-off-by: Karthik Bhandary <34509856+karthikbhandary2@users.noreply.github.com> Co-authored-by: karthik.bhandary <karthik.bhandary@kfintech.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Update Go from 1.26.1 to 1.26.2 to fix 6 stdlib vulnerabilities: - GO-2026-4947: `crypto/x509` chain building - GO-2026-4946: `crypto/x509` policy validation - GO-2026-4870: `crypto/tls` KeyUpdate DoS - GO-2026-4869: `archive/tar` unbounded allocation - GO-2026-4866: `crypto/x509` name constraints bypass - GO-2026-4865: `html/template` XSS Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
--- | | from | to | | --- | ---- | --- | | esbuild | `0.27.4` | `0.28.0` | | katex | `0.16.44` | `0.16.45` | | postcss | `8.5.8` | `8.5.9` | | swagger-ui-dist | `5.32.1` | `5.32.2` | | vite | `8.0.5` | `8.0.7` | | vue | `3.5.31` | `3.5.32` |
| | from | to | | --- | ---- | --- | | github.com/aws/aws-sdk-go-v2/credentials | `v1.19.13` | `v1.19.14` | | github.com/go-co-op/gocron/v2 | `v2.19.1` | `v2.20.0` | | github.com/go-enry/go-enry/v2 | `v2.9.5` | `v2.9.6` | | github.com/go-webauthn/webauthn | `v0.16.1` | `v0.16.3` | | github.com/google/pprof | `v0.0.0-20260302011040-a15ffb7f9dcc` | `v0.0.0-20260402051712-545e8a4df936` | | github.com/lib/pq | `v1.12.1` | `v1.12.3` | | github.com/mattn/go-isatty | `v0.0.20` | `v0.0.21` | | github.com/mattn/go-sqlite3 | `v1.14.38` | `v1.14.42` | | github.com/minio/minio-go/v7 | `v7.0.99` | `v7.0.100` | | golang.org/x/sys | `v0.42.0` | `v0.43.0` | | google.golang.org/grpc | `v1.79.3` | `v1.80.0` |
…ixture files (#37150) Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com>
1. Filter out errors that contain `chrome-extension://` etc protocols 2. Extract filtering into its own function and test it 3. Fix the `window.config.assetUrlPrefix` mock, guaranteed to end with `/assets` 4. Remove useless `??` and `?.` for properties that always exist Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Replace `rollup-plugin-license` and `wrap-ansi` with [`rolldown-license-plugin`](https://github.com/silverwind/rolldown-license-plugin), a zero-dependency plugin with async parallel I/O and built-in word wrapping. - Removes `rollup-plugin-license` (pulls in `lodash`, `moment`) and `wrap-ansi` from the dependency tree - License build time reduced by ~40% (370ms vs 640ms) - Added e2e test for `licenses.txt` Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
`model.ReadWorkflow` succeeds for YAML that is syntactically valid but fails deeper parsing in `jobparser.Parse` (e.g. blank lines inside `run: |` blocks cause a SetJob round-trip error). Add `ValidateWorkflowContent` which runs the full `jobparser.Parse` to catch these cases, and use it in the file view, the actions workflow list, and the workflow detection loop so users see the error instead of silently getting a 500 or a dropped workflow. Fixes #37115 Signed-off-by: Nicolas <bircni@icloud.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
When running `golangci-lint` without `GOEXPERIMENT=jsonv2`, a lint error `import 'encoding/json' is not allowed` is seen. All other files in the module that import `encodings/json` have `//nolint` already, so add it. --- This PR was written with the help of Claude Opus 4.6 Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
When authentication is handled externally by a reverse proxy SSO provider, users can be redirected to an external logout URL or relative path defined on the reverse proxy. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
`TestCatFileBatch/QueryTerminated` relied on timing to distinguish `os.ErrClosed` vs `io.EOF` error paths. Replace `time.Sleep`-based synchronization with a channel-based hook on pipe close, making both error paths fully deterministic regardless of CI runner speed. Ref: https://github.com/go-gitea/gitea/actions/runs/24193070536/job/70615366804 Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Remove CSS rules whose HTML classes/IDs are no longer referenced in any template, Go source, or JavaScript/TypeScript file: - `.archived-icon`: removed from templates in c85bb62 - `.bottom-line`: removed from blame rendering in 9c6aeb4 - `.commit-status-link`: removed from templates in f3c4baa - `.instruct-toggle`: removed from templates in 75e85c2 - `.runner-new-text`, `#runner-new`: never referenced outside CSS - `.ap-terminal`: stale, asciinema-player uses `.ap-term`, still not needed - `.scrolling.dimmable.dimmed`: dimmer stand-in never adds this class - `.markup span.align-center/align-right/float-left/float-right`: never produced by any renderer, sanitizer strips class attributes - `.markup ul.no-list`, `.markup ol.no-list`: same as above --- This PR was written with the help of Claude Opus 4.6 --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
The `Run As Username` field on the install page was a `readonly` input that looked editable but wasn't, confusing users. Style `readonly` inputs with a subtle background, matching other frameworks. Fixes: #37174 Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
1. Fix the "flash message" layout problem for different cases * I am sure most of the users should have ever seen the ugly center-aligned error message with multiple lines. 2. Fix inconsistent "Details" flash message EOL handling, sometimes `\n`, sometimes `<br>` * Now, always use "\n" and use `<pre>` to render 3. Remove SanitizeHTML template func because it is not useful and can be easily abused. * But it is still kept for mail templates, for example: #36049 4. Clarify PostProcessCommitMessage's behavior and add FIXME comment By the way: cleaned up some devtest pages, move embedded style block to CSS file
That logic is from 2014~2015, it unclear why it is necessary or whether it is still needed (whether Windows is still special) The comment "so just use current one if config says default" is not right anymore: "git" isn't the "default" value of RunUser (Comment out app.example.ini #15807). The RunUser's value is from current session's username.
This PR updates `CONTRIBUTING.md` for clarity (code review, maintainers, PR workflow) ## Suggestion - majors about every **three months**, with a more predictable cadence from **v1.26** onward. - target dates such as **v1.26.0** (April 2026), **v1.27.0** (June 2026), **v1.28.0** (September 2026), **v1.29.0** (December 2026). - announce feature freeze **two weeks** before each release. ## Other doc changes - Reviewing PRs: separate guidance for reviewers vs authors; small edits to maintaining PRs, merge queue, commit messages, co-authors. - Maintainers: clearer subsections; links to GitHub Docs for 2FA / GPG. - Split the Contributing.md into more useful markdown files --------- Signed-off-by: Nicolas <bircni@icloud.com>
Fix 500 error when comparing branches across fork repositories ## Problem The compare API returns a 500 Internal Server Error when comparing branches where the head commit exists only in the fork repository. ## Cause The API was using the base repository's GitRepo and repository context when converting commits. This fails when the commit does not exist in the base repository, resulting in a "fatal: bad object" error. ## Solution Use the head repository and HeadGitRepo when available to ensure commits are resolved in the correct repository context. ## Result * Fixes "fatal: bad object" error * Enables proper comparison between base and fork repositories * Prevents 500 Internal Server Error Fixes #37168 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fixes: #36677 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
`url.PathEscape` unnecessarily encodes ! to %21, causing Matrix homeservers to reject the request with 401. Replace %21 back to ! after escaping. Fixes #36012 --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This is the first step (the hardest part): * repo file list last commit message lazy load * admin server status monitor * watch/unwatch (normal page, watchers page) * star/unstar (normal page, watchers page) * project view, delete column * workflow dispatch, switch the branch * commit page: load branches and tags referencing this commit The legacy "data-redirect" attribute is removed, it only makes the page reload (sometimes using an incorrect link). Also did cleanup for some devtest pages.
Closes #36366 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
| go | from | to | | --- | --- | --- | | github.com/go-webauthn/webauthn | `0.16.3` | `0.16.4` | | github.com/meilisearch/meilisearch-go | `0.36.1` | `0.36.2` | | golang.org/x/crypto | `0.49.0` | `0.50.0` | | golang.org/x/image | `0.38.0` | `0.39.0` | | golang.org/x/net | `0.52.0` | `0.53.0` | | golang.org/x/text | `0.35.0` | `0.36.0` | | js | from | to | | --- | --- | --- | | @primer/octicons | `19.23.1` | `19.24.0` | | @vitejs/plugin-vue | `6.0.5` | `6.0.6` | | rolldown-license-plugin | `2.2.0` | `2.2.5` | | vite | `8.0.7` | `8.0.8` | | @types/node | `25.5.2` | `25.6.0` | | @typescript-eslint/parser | `8.58.1` | `8.58.2` | | @vitest/eslint-plugin | `1.6.14` | `1.6.15` | | globals | `17.4.0` | `17.5.0` | | stylelint | `17.6.0` | `17.7.0` | | typescript-eslint | `8.58.1` | `8.58.2` | | updates | `17.13.5` | `17.15.3` | | vitest | `4.1.3` | `4.1.4` | | py | from | to | | --- | --- | --- | | click | `8.3.1` | `8.3.2` | | json5 | `0.13.0` | `0.14.0` | | regex | `2026.2.19` | `2026.4.4` | | tomli | `2.4.0` | `2.4.1` |
…37210) Simplify ParseCatFileTreeLine: it is faster without the preset buffers, and easier to read and maintain. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This bug was identified in https://github.com/go-gitea/gitea/pull/37119/changes#diff-37655a02d5a44d5c0e3e19c75fb58adb47a8e7835cbd619345d5b556292935a7L180 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
Fix #37213 Also fix the misaligned tags, remove unused classes, etc.
The only remaining (hard) part is "templates/repo/editor/edit.tmpl", see the FIXME By the way: * Make "user unfollow" use basic color but not red color, indeed it is not dangerous * Fix "org folllow" layout (use block gap instead of inline gap)
Close #35059 Slightly improved the "fetch action" framework and started adding tests for it. --------- Signed-off-by: silverwind <me@silverwind.io> Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: wxiaoguang <2114189+wxiaoguang@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
This PR adds an External ID Claim Name configuration field to the OIDC auth source. When set, Gitea uses the specified JWT claim as the user's `ExternalID` instead of the default `sub` claim. This PR fixes the bug when migrating from Azure AD V2 to OIDC. When an admin migrates the same auth source to OIDC, goth's `openidConnect` provider defaults to using the `sub` claim as `UserID`. However, Azure AD's `sub` is a pairwise identifier: > `sub`: The subject is a pairwise identifier and is unique to an application ID. If a single user signs into two different apps using two different client IDs, those apps receive two different values for the subject claim. https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference#payload-claims As a result, every existing user appears as a new account after migration. To fix this issue, Gitea should use `oid` claim for `UserID`. > `oid`: This ID uniquely identifies the user across applications - two different applications signing in the same user receives the same value in the oid claim. Note: The `oid` claim is not included in Azure AD tokens by default. The `profile` scope must be added to the Scopes field of the auth source.
Co-authored-by: silverwind <115237+silverwind@users.noreply.github.com>
GiteaBot
added
the
lgtm/need 2
This comment was marked as outdated.
This comment was marked as outdated.
Copilot created this pull request from a session on behalf of
silverwind
April 17, 2026 08:32
View session
Member
|
@copilot set target branch to |
Contributor
Author
No locale files were modified by this cherry-pick. The locale changes appear in the diff because the PR base is currently set to
I'm unable to change the PR target branch with my available tools — this needs to be done manually through the GitHub PR UI (Edit button → base branch dropdown → |
silverwind
changed the title
dropzone with @deltablot/dropzone (#37237)dropzone with @deltablot/dropzone (#37237)
Copilot stopped work on behalf of
silverwind due to an error
April 17, 2026 08:43
Member
|
Copilot was too dumb to set the correct target branch, I did it now via API as I have no edit button with my current permissions. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Backport of #37237 to
release/v1.26.Cherry-pick of 2bfaa33 onto the
release/v1.26branch.