Merge branch 'main' into item

remove tsgo
Fix various bugs (#36139 )
2025-12-14 21:15:18 +08:00 · 2025-12-13 21:01:12 +08:00 · 2025-12-13 13:49:40 +01:00 · 2025-12-12 18:56:05 +00:00 · 2025-12-12 18:12:35 +00:00 · 2025-12-12 18:38:59 +01:00
22 changed files with 168 additions and 142 deletions
--- a/.github/workflows/cron-licenses.yml
+++ b/.github/workflows/cron-licenses.yml
@ -9,8 +9,10 @@ jobs:
  cron-licenses:
    runs-on: ubuntu-latest
    if: github.repository == 'go-gitea/gitea'
+    permissions:
+      contents: write
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
--- a/.github/workflows/cron-translations.yml
+++ b/.github/workflows/cron-translations.yml
@ -9,8 +9,10 @@ jobs:
  crowdin-pull:
    runs-on: ubuntu-latest
    if: github.repository == 'go-gitea/gitea'
+    permissions:
+      contents: write
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: crowdin/github-action@v1
        with:
          upload_sources: true
--- a/.github/workflows/files-changed.yml
+++ b/.github/workflows/files-changed.yml
@ -24,6 +24,8 @@ jobs:
  detect:
    runs-on: ubuntu-latest
    timeout-minutes: 3
+    permissions:
+      contents: read
    outputs:
      backend: ${{ steps.changes.outputs.backend }}
      frontend: ${{ steps.changes.outputs.frontend }}
@ -34,7 +36,7 @@ jobs:
      swagger: ${{ steps.changes.outputs.swagger }}
      yaml: ${{ steps.changes.outputs.yaml }}
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: dorny/paths-filter@v3
        id: changes
        with:
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@ -10,13 +10,17 @@ concurrency:
 jobs:
  files-changed:
    uses: ./.github/workflows/files-changed.yml
+    permissions:
+      contents: read

  lint-backend:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -30,8 +34,10 @@ jobs:
    if: needs.files-changed.outputs.templates == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: astral-sh/setup-uv@v6
      - run: uv python install 3.12
      - uses: pnpm/action-setup@v4
@ -46,8 +52,10 @@ jobs:
    if: needs.files-changed.outputs.yaml == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: astral-sh/setup-uv@v6
      - run: uv python install 3.12
      - run: make deps-py
@ -57,8 +65,10 @@ jobs:
    if: needs.files-changed.outputs.swagger == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v5
        with:
@ -70,8 +80,10 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true' || needs.files-changed.outputs.docs == 'true' || needs.files-changed.outputs.templates == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -82,8 +94,10 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -99,8 +113,10 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -114,8 +130,10 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -127,8 +145,10 @@ jobs:
    if: needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v5
        with:
@ -143,8 +163,10 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -175,8 +197,10 @@ jobs:
    if: needs.files-changed.outputs.docs == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: pnpm/action-setup@v4
      - uses: actions/setup-node@v5
        with:
@ -188,8 +212,10 @@ jobs:
    if: needs.files-changed.outputs.actions == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@ -10,11 +10,15 @@ concurrency:
 jobs:
  files-changed:
    uses: ./.github/workflows/files-changed.yml
+    permissions:
+      contents: read

  test-pgsql:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    services:
      pgsql:
        image: postgres:14
@ -38,7 +42,7 @@ jobs:
        ports:
          - "9000:9000"
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -65,8 +69,10 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -90,6 +96,8 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    services:
      elasticsearch:
        image: elasticsearch:7.5.0
@ -124,7 +132,7 @@ jobs:
        ports:
          - 10000:10000
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -152,6 +160,8 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    services:
      mysql:
        # the bitnami mysql image has more options than the official one, it's easier to customize
@ -177,7 +187,7 @@ jobs:
          - "587:587"
          - "993:993"
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
@ -203,6 +213,8 @@ jobs:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    services:
      mssql:
        image: mcr.microsoft.com/mssql/server:2019-latest
@ -217,7 +229,7 @@ jobs:
        ports:
          - 10000:10000
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: actions/setup-go@v6
        with:
          go-version-file: go.mod
--- a/.github/workflows/pull-docker-dryrun.yml
+++ b/.github/workflows/pull-docker-dryrun.yml
@ -10,13 +10,17 @@ concurrency:
 jobs:
  files-changed:
    uses: ./.github/workflows/files-changed.yml
+    permissions:
+      contents: read

  container:
    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      - uses: docker/setup-buildx-action@v3
      - name: Build regular container image
        uses: docker/build-push-action@v5
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@ -11,8 +11,10 @@ concurrency:
 jobs:
  nightly-binary:
    runs-on: namespace-profile-gitea-release-binary
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
@ -56,12 +58,14 @@ jobs:
      - name: upload binaries to s3
        run: |
          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
+
  nightly-container:
    runs-on: namespace-profile-gitea-release-docker
    permissions:
+      contents: read
      packages: write # to publish to ghcr.io
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@ -12,8 +12,10 @@ concurrency:
 jobs:
  binary:
    runs-on: namespace-profile-gitea-release-binary
+    permissions:
+      contents: read
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
@ -66,12 +68,14 @@ jobs:
          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+
  container:
    runs-on: namespace-profile-gitea-release-docker
    permissions:
+      contents: read
      packages: write # to publish to ghcr.io
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@ -15,9 +15,10 @@ jobs:
  binary:
    runs-on: namespace-profile-gitea-release-binary
    permissions:
+      contents: read
      packages: write # to publish to ghcr.io
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
@ -70,12 +71,14 @@ jobs:
          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/*
        env:
          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+
  container:
    runs-on: namespace-profile-gitea-release-docker
    permissions:
+      contents: read
      packages: write # to publish to ghcr.io
    steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
--- a/2
+++ b/2
@ -341,13 +341,11 @@ lint-backend-fix: lint-go-fix lint-go-gitea-vet lint-editorconfig ## lint backen
 lint-js: node_modules ## lint js files
 	$(NODE_VARS) pnpm exec eslint --color --max-warnings=0 --flag unstable_native_nodejs_ts_config $(ESLINT_FILES)
 	$(NODE_VARS) pnpm exec vue-tsc
-	$(NODE_VARS) pnpm exec tsgo

 .PHONY: lint-js-fix
 lint-js-fix: node_modules ## lint js files and fix issues
 	$(NODE_VARS) pnpm exec eslint --color --max-warnings=0 --flag unstable_native_nodejs_ts_config $(ESLINT_FILES) --fix
 	$(NODE_VARS) pnpm exec vue-tsc
-	$(NODE_VARS) pnpm exec tsgo

 .PHONY: lint-css
 lint-css: node_modules ## lint css files
--- a/modules/packages/npm/creator.go
+++ b/modules/packages/npm/creator.go
@ -62,7 +62,28 @@ type PackageMetadata struct {
 	Author         User                               `json:"author"`
 	ReadmeFilename string                             `json:"readmeFilename,omitempty"`
 	Users          map[string]bool                    `json:"users,omitempty"`
-	License        string                             `json:"license,omitempty"`
+	License        License                            `json:"license,omitempty"`
+}
+
+type License string
+
+func (l *License) UnmarshalJSON(data []byte) error {
+	switch data[0] {
+	case '"':
+		var value string
+		if err := json.Unmarshal(data, &value); err != nil {
+			return err
+		}
+		*l = License(value)
+	case '{':
+		var values map[string]any
+		if err := json.Unmarshal(data, &values); err != nil {
+			return err
+		}
+		value, _ := values["type"].(string)
+		*l = License(value)
+	}
+	return nil
 }

 // PackageMetadataVersion documentation: https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#version
@ -74,7 +95,7 @@ type PackageMetadataVersion struct {
 	Description          string              `json:"description"`
 	Author               User                `json:"author"`
 	Homepage             string              `json:"homepage,omitempty"`
-	License              string              `json:"license,omitempty"`
+	License              License             `json:"license,omitempty"`
 	Repository           Repository          `json:"repository"`
 	Keywords             []string            `json:"keywords,omitempty"`
 	Dependencies         map[string]string   `json:"dependencies,omitempty"`
--- a/modules/packages/npm/creator_test.go
+++ b/modules/packages/npm/creator_test.go
@ -13,6 +13,7 @@ import (
 	"code.gitea.io/gitea/modules/json"

 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )

 func TestParsePackage(t *testing.T) {
@ -291,11 +292,36 @@ func TestParsePackage(t *testing.T) {
 		assert.Equal(t, packageDescription, p.Metadata.Readme)
 		assert.Equal(t, packageAuthor, p.Metadata.Author)
 		assert.Equal(t, packageBin, p.Metadata.Bin["bin"])
-		assert.Equal(t, "MIT", p.Metadata.License)
+		assert.Equal(t, "MIT", string(p.Metadata.License))
 		assert.Equal(t, "https://gitea.io/", p.Metadata.ProjectURL)
 		assert.Contains(t, p.Metadata.Dependencies, "package")
 		assert.Equal(t, "1.2.0", p.Metadata.Dependencies["package"])
 		assert.Equal(t, repository.Type, p.Metadata.Repository.Type)
 		assert.Equal(t, repository.URL, p.Metadata.Repository.URL)
 	})
+
+	t.Run("ValidLicenseMap", func(t *testing.T) {
+		packageJSON := `{
+  "versions": {
+		"0.1.1": {
+			"name": "dev-null",
+			"version": "0.1.1",
+			"license": {
+				"type": "MIT"
+			},
+			"dist": {
+				"integrity": "sha256-"
+			}
+		}
+	},
+	"_attachments": {
+		"foo": {
+			"data": "AAAA"
+		}
+	}
+}`
+		p, err := ParsePackage(strings.NewReader(packageJSON))
+		require.NoError(t, err)
+		require.Equal(t, "MIT", string(p.Metadata.License))
+	})
 }
--- a/modules/packages/npm/metadata.go
+++ b/modules/packages/npm/metadata.go
@ -12,7 +12,7 @@ type Metadata struct {
 	Name                    string            `json:"name,omitempty"`
 	Description             string            `json:"description,omitempty"`
 	Author                  string            `json:"author,omitempty"`
-	License                 string            `json:"license,omitempty"`
+	License                 License           `json:"license,omitempty"`
 	ProjectURL              string            `json:"project_url,omitempty"`
 	Keywords                []string          `json:"keywords,omitempty"`
 	Dependencies            map[string]string `json:"dependencies,omitempty"`
--- a/package.json
+++ b/package.json
@ -80,7 +80,6 @@
    "@types/tinycolor2": "1.4.6",
    "@types/toastify-js": "1.12.4",
    "@typescript-eslint/parser": "8.48.1",
-    "@typescript/native-preview": "7.0.0-dev.20251212.1",
    "@vitejs/plugin-vue": "6.0.2",
    "@vitest/eslint-plugin": "1.5.1",
    "eslint": "9.39.1",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -243,9 +243,6 @@ importers:
      '@typescript-eslint/parser':
        specifier: 8.48.1
        version: 8.48.1(eslint@9.39.1(jiti@2.6.1))(typescript@5.9.3)
-      '@typescript/native-preview':
-        specifier: 7.0.0-dev.20251212.1
-        version: 7.0.0-dev.20251212.1
      '@vitejs/plugin-vue':
        specifier: 6.0.2
        version: 6.0.2(vite@7.2.6(@types/node@24.10.1)(jiti@2.6.1)(stylus@0.57.0)(terser@5.44.1)(yaml@2.8.2))(vue@3.5.25(typescript@5.9.3))
@ -1296,45 +1293,6 @@ packages:
    resolution: {integrity: sha512-BmxxndzEWhE4TIEEMBs8lP3MBWN3jFPs/p6gPm/wkv02o41hI6cq9AuSmGAaTTHPtA1FTi2jBre4A9rm5ZmX+Q==}
    engines: {node: ^18.18.0 || ^20.9.0 || >=21.1.0}

-  '@typescript/native-preview-darwin-arm64@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-5tof0OT01yPQ0mcoKPeSrGMxQ9Dl//gTjSKCMKwbLr5urrIPxX5bNRWUH0hxWaB4A3mXQvDvxSSrWR5TMOl2aQ==}
-    cpu: [arm64]
-    os: [darwin]
-
-  '@typescript/native-preview-darwin-x64@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-zUgcCXmDfO2yo5fNZZ3wUCv8hdqc/Qbc1WZUEDYYo3ItnBUL9qp0lUtTwsLtNreL2WmHOCeTQuKWa/JQzdw89g==}
-    cpu: [x64]
-    os: [darwin]
-
-  '@typescript/native-preview-linux-arm64@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-0P59bGDFLppvkdpqQ8/kG+kU6R0iCdQiSLFRNrbrLnaflACBfIi40D3Ono3EmeSxqKsHqh/pNRu3BUJvoNGphw==}
-    cpu: [arm64]
-    os: [linux]
-
-  '@typescript/native-preview-linux-arm@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-peQCeG2+XqMqs6/Sg6nbQPI3Kae91Esi5Qh1VyDETO4wjMbKeAzVjw8t3Qz5X6RDbWNrCpDmbk6chjukfGeWgQ==}
-    cpu: [arm]
-    os: [linux]
-
-  '@typescript/native-preview-linux-x64@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-7QFyqcPe/Sz+IakvzCqh0d5WhQg7A7bKyQil38K7rKSTaPI42LrVwLA6mVtTRfQyS5Sy2XYVinyLNXnWM8ImQQ==}
-    cpu: [x64]
-    os: [linux]
-
-  '@typescript/native-preview-win32-arm64@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-Y8mh0dPXAcYYNtSZVZYaNcqAOlxOlbJQopJBVATn+ItCxrY4RqBwygzrBWqg+gUo9xLmFI9XLuDVqm1ZAkAfwg==}
-    cpu: [arm64]
-    os: [win32]
-
-  '@typescript/native-preview-win32-x64@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-bUPWJgGhPdsoL3OR+I8nFF81P/+hwfqyMKaAWFxTg1zeRdEl61lVdrEfgNDBI7Px5Gr+uFGELlkCsDzy/7dAyw==}
-    cpu: [x64]
-    os: [win32]
-
-  '@typescript/native-preview@7.0.0-dev.20251212.1':
-    resolution: {integrity: sha512-uNPMu5+ElTN7AZRFJXsTPtSAQ2b7FIXMvpQbU/L0VD5PoBp5nMiQbgO1QFSvbFiIoTTma3I2TX3WSO5olIMTLQ==}
-    hasBin: true
-
  '@unrs/resolver-binding-android-arm-eabi@1.11.1':
    resolution: {integrity: sha512-ppLRUgHVaGRWUx0R0Ut06Mjo9gBaBkg3v/8AxusGLhsIotbBLuRk51rAzqLC8gq6NyyAojEXglNjzf6R948DNw==}
    cpu: [arm]
@ -5202,37 +5160,6 @@ snapshots:
      '@typescript-eslint/types': 8.48.1
      eslint-visitor-keys: 4.2.1

-  '@typescript/native-preview-darwin-arm64@7.0.0-dev.20251212.1':
-    optional: true
-
-  '@typescript/native-preview-darwin-x64@7.0.0-dev.20251212.1':
-    optional: true
-
-  '@typescript/native-preview-linux-arm64@7.0.0-dev.20251212.1':
-    optional: true
-
-  '@typescript/native-preview-linux-arm@7.0.0-dev.20251212.1':
-    optional: true
-
-  '@typescript/native-preview-linux-x64@7.0.0-dev.20251212.1':
-    optional: true
-
-  '@typescript/native-preview-win32-arm64@7.0.0-dev.20251212.1':
-    optional: true
-
-  '@typescript/native-preview-win32-x64@7.0.0-dev.20251212.1':
-    optional: true
-
-  '@typescript/native-preview@7.0.0-dev.20251212.1':
-    optionalDependencies:
-      '@typescript/native-preview-darwin-arm64': 7.0.0-dev.20251212.1
-      '@typescript/native-preview-darwin-x64': 7.0.0-dev.20251212.1
-      '@typescript/native-preview-linux-arm': 7.0.0-dev.20251212.1
-      '@typescript/native-preview-linux-arm64': 7.0.0-dev.20251212.1
-      '@typescript/native-preview-linux-x64': 7.0.0-dev.20251212.1
-      '@typescript/native-preview-win32-arm64': 7.0.0-dev.20251212.1
-      '@typescript/native-preview-win32-x64': 7.0.0-dev.20251212.1
-
  '@unrs/resolver-binding-android-arm-eabi@1.11.1':
    optional: true

--- a/routers/web/repo/editor_cherry_pick.go
+++ b/routers/web/repo/editor_cherry_pick.go
@ -36,9 +36,7 @@ func CherryPick(ctx *context.Context) {
 		ctx.Data["commit_message"] = "revert " + cherryPickCommit.Message()
 	} else {
 		ctx.Data["CherryPickType"] = "cherry-pick"
-		splits := strings.SplitN(cherryPickCommit.Message(), "\n", 2)
-		ctx.Data["commit_summary"] = splits[0]
-		ctx.Data["commit_message"] = splits[1]
+		ctx.Data["commit_summary"], ctx.Data["commit_message"], _ = strings.Cut(cherryPickCommit.Message(), "\n")
 	}

 	ctx.HTML(http.StatusOK, tplCherryPick)
--- a/services/mailer/sender/sender.go
+++ b/services/mailer/sender/sender.go
@ -4,10 +4,8 @@
 package sender

 import (
+	"errors"
 	"io"
-
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
 )

 type Sender interface {
@ -16,23 +14,18 @@ type Sender interface {

 var Send = send

-func send(sender Sender, msgs ...*Message) error {
-	if setting.MailService == nil {
-		log.Error("Mailer: Send is being invoked but mail service hasn't been initialized")
-		return nil
+func send(sender Sender, msg *Message) error {
+	m := msg.ToMessage()
+	froms := m.GetFrom()
+	to, err := m.GetRecipients()
+	if err != nil {
+		return err
 	}
-	for _, msg := range msgs {
-		m := msg.ToMessage()
-		froms := m.GetFrom()
-		to, err := m.GetRecipients()
-		if err != nil {
-			return err
-		}

-		// TODO: implement sending from multiple addresses
-		if err := sender.Send(froms[0].Address, to, m); err != nil {
-			return err
-		}
+	// TODO: implement sending from multiple addresses
+	if len(froms) == 0 {
+		// FIXME: no idea why sometimes the "froms" can be empty, need to figure out the root problem
+		return errors.New("no FROM specified")
 	}
-	return nil
+	return sender.Send(froms[0].Address, to, m)
 }
--- a/services/repository/generate.go
+++ b/services/repository/generate.go
@ -177,7 +177,7 @@ func substGiteaTemplateFile(ctx context.Context, tmpDir, tmpDirSubPath string, t
 	}

 	generatedContent := generateExpansion(ctx, string(content), templateRepo, generateRepo)
-	substSubPath := filepath.Clean(filePathSanitize(generateExpansion(ctx, tmpDirSubPath, templateRepo, generateRepo)))
+	substSubPath := filePathSanitize(generateExpansion(ctx, tmpDirSubPath, templateRepo, generateRepo))
 	newLocalPath := filepath.Join(tmpDir, substSubPath)
 	regular, err := util.IsRegularFile(newLocalPath)
 	if canWrite := regular || errors.Is(err, fs.ErrNotExist); !canWrite {
@ -358,5 +358,5 @@ func filePathSanitize(s string) string {
 		}
 		fields[i] = field
 	}
-	return filepath.FromSlash(strings.Join(fields, "/"))
+	return filepath.Clean(filepath.FromSlash(strings.Trim(strings.Join(fields, "/"), "/")))
 }
--- a/services/repository/generate_test.go
+++ b/services/repository/generate_test.go
@ -54,19 +54,24 @@ text/*.txt
 }

 func TestFilePathSanitize(t *testing.T) {
-	assert.Equal(t, "test_CON", filePathSanitize("test_CON"))
-	assert.Equal(t, "test CON", filePathSanitize("test CON "))
-	assert.Equal(t, "__/traverse/__", filePathSanitize(".. /traverse/ .."))
-	assert.Equal(t, "./__/a/_git/b_", filePathSanitize("./../a/.git/ b: "))
+	// path clean
+	assert.Equal(t, "a", filePathSanitize("//a/"))
+	assert.Equal(t, "_a", filePathSanitize(`\a`))
+	assert.Equal(t, "__/a/__", filePathSanitize(".. /a/ .."))
+	assert.Equal(t, "__/a/_git/b_", filePathSanitize("./../a/.git/ b: "))
+
+	// Windows reserved names
 	assert.Equal(t, "_", filePathSanitize("CoN"))
 	assert.Equal(t, "_", filePathSanitize("LpT1"))
 	assert.Equal(t, "_", filePathSanitize("CoM1"))
+	assert.Equal(t, "test_CON", filePathSanitize("test_CON"))
+	assert.Equal(t, "test CON", filePathSanitize("test CON "))
+
+	// special chars
 	assert.Equal(t, "_", filePathSanitize("\u0000"))
-	assert.Equal(t, "目标", filePathSanitize("目标"))
-	// unlike filepath.Clean, it only sanitizes, doesn't change the separator layout
-	assert.Equal(t, "", filePathSanitize("")) //nolint:testifylint // for easy reading
+	assert.Equal(t, ".", filePathSanitize(""))
 	assert.Equal(t, ".", filePathSanitize("."))
-	assert.Equal(t, "/", filePathSanitize("/"))
+	assert.Equal(t, ".", filePathSanitize("/"))
 }

 func TestProcessGiteaTemplateFile(t *testing.T) {
--- a/templates/package/content/pypi.tmpl
+++ b/templates/package/content/pypi.tmpl
@ -4,7 +4,7 @@
 		<div class="ui form">
 			<div class="field">
 				<label>{{svg "octicon-terminal"}} {{ctx.Locale.Tr "packages.pypi.install"}}</label>
-				<div class="markup"><pre class="code-block"><code>pip install --index-url <origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/pypi/simple/"></origin-url> --extra-index-url https://pypi.org/ {{.PackageDescriptor.Package.Name}}</code></pre></div>
+				<div class="markup"><pre class="code-block"><code>pip install --index-url <origin-url data-url="{{AppSubUrl}}/api/packages/{{.PackageDescriptor.Owner.Name}}/pypi/simple/"></origin-url> --extra-index-url https://pypi.org/simple {{.PackageDescriptor.Package.Name}}</code></pre></div>
 			</div>
 			<div class="field">
 				<label>{{ctx.Locale.Tr "packages.registry.documentation" "PyPI" "https://docs.gitea.com/usage/packages/pypi/"}}</label>
--- a/templates/repo/issue/view_content/comments.tmpl
+++ b/templates/repo/issue/view_content/comments.tmpl
@ -96,7 +96,7 @@
 			</div>
 		{{else if eq .Type 2}}
 			<div class="timeline-item event" id="{{.HashTag}}">
-				<span class="badge tw-bg-red tw-text-white">{{svg "octicon-circle-slash"}}</span>
+				<span class="badge tw-bg-red tw-text-white">{{svg "octicon-issue-closed"}}</span>
 				{{if not .OriginalAuthor}}
 					{{template "shared/user/avatarlink" dict "user" .Poster}}
 				{{end}}
--- a/web_src/js/globals.d.ts
+++ b/web_src/js/globals.d.ts
@ -12,7 +12,7 @@ declare module '*.vue' {
  import type {DefineComponent} from 'vue';
  const component: DefineComponent<unknown, unknown, any>;
  export default component;
-  // Here we declare all exports from vue files so that `tsgo` can work and be used for
+  // Here we declare all exports from vue files so `tsc` or `tsgo` can work for
  // non-vue files. To lint .vue files, `vue-tsc` must be used.
  export function initDashboardRepoList(): void;
  export function initRepositoryActionView(): void;
Author	SHA1	Message	Date
wxiaoguang	38040b7924	Merge branch 'main' into item	2025-12-13 21:01:12 +08:00
silverwind	813827c38e	remove tsgo	2025-12-13 13:49:40 +01:00
wxiaoguang	1e72b15639	Fix various bugs (#36139 ) Some checks are pending release-nightly / nightly-binary (push) Waiting to run Details release-nightly / nightly-container (push) Waiting to run Details * Fix #35768 * Fix #36064 * Fix #36051 * Fix cherry-pick panic	2025-12-12 18:56:05 +00:00
silverwind	3102c04c1e	Fix issue close timeline icon (#36138 ) Previously there was a icon mismatch between a issue's label and the timeline close event icon	2025-12-12 18:12:35 +00:00
silverwind	3e57ba5b36	Add permissions to`files-changed` jobs (#36142 ) Followup to https://github.com/go-gitea/gitea/pull/36140. `files-changed` is a job that imports another workflow via `uses` statement but CodeQL still complains about lack of permissions on these jobs, so add it. This will fix the remaining [3 CodeQL issues](https://github.com/go-gitea/gitea/security/code-scanning?query=is%3Aopen+branch%3Amain+permissions).	2025-12-12 18:38:59 +01:00
silverwind	4c06c98dda	Add explicit permissions to all actions workflows (#36140 ) Explicitely specify all workflow [`permissions`](https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax#permissions). This will fix [26 CodeQL alerts](https://github.com/go-gitea/gitea/security/code-scanning?query=permissions+is%3Aopen+branch%3Amain+).	2025-12-12 16:48:29 +00:00
silverwind	87b855bd15	Bump `actions/checkout` to v6 (#36136 ) https://github.com/actions/checkout#checkout-v6 Result of `perl -p -i -e 's#actions\/checkout\@v5#actions/checkout\@v6#g' .github/workflows/*`	2025-12-12 16:44:53 +01:00