Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package forgejo for openSUSE:Factory checked in at 2024-10-29 14:35:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/forgejo (Old) and /work/SRC/openSUSE:Factory/.forgejo.new.2020 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "forgejo" Tue Oct 29 14:35:58 2024 rev:18 rq:1218913 version:9.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/forgejo/forgejo.changes 2024-10-18 15:55:28.326801225 +0200 +++ /work/SRC/openSUSE:Factory/.forgejo.new.2020/forgejo.changes 2024-10-29 14:36:25.804713807 +0100 @@ -1,0 +2,31 @@ +Mon Oct 28 17:09:05 UTC 2024 - Richard Rahl <rrahl0@opensuse.org> + +- update to 9.0.1: + * Forgejo generates a token which is used to authenticate web endpoints that + are only meant to be used internally, for instance when the SSH daemon is + used to push a commit with Git. The verification of this token was not done + in constant time and was susceptible to timing attacks. + * Because of a missing permission check, the branch used to propose a pull + request to a repository can always be deleted by the user performing the merge. + * Fix boolean inputs in workflow_dispatch + * package arch database not updating when uploading "any" architecture + * correct SQL query for active issues + * specify default value for EXPLORE_DEFAULT_SORT. + * fix: Add recentupdated as recognized sort option + * Update dependency mermaid to v11.3.0 (v9.0/forgejo) + * Always update expiration time when creating an artifact + * Update scheduled tasks even if changes are pushed by "ActionsUser" + * Fix disable 2fa bug + * i18n: update of translations from Codeberg Translate + * fix: make branch protection work for new branches + * link to security policy in security.txt + * fix: don't show truncated comments in RSS/Atom feeds + * fix: typo on releases for source code downloads + * Revert "add gap between branch dropdown and PR button" + * fix: Don't double escape delete branch text + * fix: Add server logging for OAuth server errors + * forgejo-cli is now a symlink and cannot be used for sanity checks + * fix: correct documentation for non 200 responses in swagger +- forgejo is since 9.0.0 GPL-3.0-or-later + +------------------------------------------------------------------- Old: ---- forgejo-src-9.0.0.tar.gz forgejo-src-9.0.0.tar.gz.asc New: ---- forgejo-src-9.0.1.tar.gz forgejo-src-9.0.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ forgejo.spec ++++++ --- /var/tmp/diff_new_pack.f2hiH5/_old 2024-10-29 14:36:35.245103607 +0100 +++ /var/tmp/diff_new_pack.f2hiH5/_new 2024-10-29 14:36:35.249103772 +0100 @@ -30,10 +30,10 @@ %endif %endif Name: forgejo -Version: 9.0.0 +Version: 9.0.1 Release: 0 Summary: Self-hostable forge -License: MIT +License: GPL-3.0-or-later Group: Development/Tools/Version Control URL: https://forgejo.org Source0: https://codeberg.org/%{name}/%{name}/releases/download/v%{version}/%{name}-src-%{version}.tar.gz ++++++ forgejo-src-9.0.0.tar.gz -> forgejo-src-9.0.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/forgejo/forgejo-src-9.0.0.tar.gz /work/SRC/openSUSE:Factory/.forgejo.new.2020/forgejo-src-9.0.1.tar.gz differ: char 24, line 1 ++++++ node_modules.obscpio ++++++ /work/SRC/openSUSE:Factory/forgejo/node_modules.obscpio /work/SRC/openSUSE:Factory/.forgejo.new.2020/node_modules.obscpio differ: char 138304668, line 483027 ++++++ node_modules.spec.inc ++++++ --- /var/tmp/diff_new_pack.f2hiH5/_old 2024-10-29 14:36:35.637119793 +0100 +++ /var/tmp/diff_new_pack.f2hiH5/_new 2024-10-29 14:36:35.641119958 +0100 @@ -514,7 +514,7 @@ Source10513: https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz#/dom-se... Source10514: https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz#/domele... Source10515: https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz#/domhandler-5.0... -Source10516: https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz#/dompurify-3.1.7.... +Source10516: https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz#/dompurify-3.1.6.... Source10517: https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz#/domutils-3.1.0.tgz Source10518: https://registry.npmjs.org/dropzone/-/dropzone-6.0.0-beta.2.tgz#/dropzone-6.... Source10519: https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz#/eastas... @@ -826,7 +826,7 @@ Source10825: https://registry.npmjs.org/meow/-/meow-13.2.0.tgz#/meow-13.2.0.tgz Source10826: https://registry.npmjs.org/merge-stream/-/merge-stream-2.0.0.tgz#/merge-stre... Source10827: https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz#/merge2-1.4.1.tgz -Source10828: https://registry.npmjs.org/mermaid/-/mermaid-11.2.1.tgz#/mermaid-11.2.1.tgz +Source10828: https://registry.npmjs.org/mermaid/-/mermaid-11.3.0.tgz#/mermaid-11.3.0.tgz Source10829: https://registry.npmjs.org/micromatch/-/micromatch-4.0.8.tgz#/micromatch-4.0... Source10830: https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz#/mime-db-1.52.0.tgz Source10831: https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz#/mime-types-2.... ++++++ package-lock.json ++++++ --- /var/tmp/diff_new_pack.f2hiH5/_old 2024-10-29 14:36:35.693122106 +0100 +++ /var/tmp/diff_new_pack.f2hiH5/_new 2024-10-29 14:36:35.705122601 +0100 @@ -30,7 +30,7 @@ "idiomorph": "0.3.0", "jquery": "3.7.1", "katex": "0.16.11", - "mermaid": "11.2.1", + "mermaid": "11.3.0", "mini-css-extract-plugin": "2.9.1", "minimatch": "10.0.1", "monaco-editor": "0.51.0", @@ -7514,9 +7514,9 @@ } }, "node_modules/dompurify": { - "version": "3.1.7", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz", - "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==", + "version": "3.1.6", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.6.tgz", + "integrity": "sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==", "license": "(MPL-2.0 OR Apache-2.0)" }, "node_modules/domutils": { @@ -11952,9 +11952,9 @@ } }, "node_modules/mermaid": { - "version": "11.2.1", - "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.2.1.tgz", - "integrity": "sha512-F8TEaLVVyxTUmvKswVFyOkjPrlJA5h5vNR1f7ZnSWSpqxgEZG1hggtn/QCa7znC28bhlcrNh10qYaIiill7q4A==", + "version": "11.3.0", + "resolved": "https://registry.npmjs.org/mermaid/-/mermaid-11.3.0.tgz", + "integrity": "sha512-fFmf2gRXLtlGzug4wpIGN+rQdZ30M8IZEB1D3eZkXNqC7puhqeURBcD/9tbwXsqBO+A6Nzzo3MSSepmnw5xSeg==", "license": "MIT", "dependencies": { "@braintree/sanitize-url": "^7.0.1", @@ -11967,7 +11967,7 @@ "d3-sankey": "^0.12.3", "dagre-d3-es": "7.0.10", "dayjs": "^1.11.10", - "dompurify": "^3.0.11", + "dompurify": "^3.0.11 <3.1.7", "katex": "^0.16.9", "khroma": "^2.1.0", "lodash-es": "^4.17.21",