diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 741ac8b8..b25491e8 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,7 +4,7 @@ updates:
- package-ecosystem: "gomod"
directory: "/"
schedule:
- interval: "weekly"
+ interval: "monthly"
reviewers:
- "gogs/core"
commit-message:
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index e1bbd59c..42523239 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -19,14 +19,17 @@ env:
jobs:
lint:
name: Lint
+ concurrency:
+ group: ${{ github.workflow }}-lint-${{ github.ref }}
+ cancel-in-progress: true
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
- name: Install Go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@v5
with:
- go-version: 1.20.x
+ go-version: 1.23.x
- name: Check Go module tidiness
shell: bash
run: |
@@ -48,20 +51,15 @@ jobs:
name: Test
strategy:
matrix:
- go-version: [ 1.17.x, 1.18.x, 1.19.x, 1.20.x ]
+ go-version: [ 1.23.x ]
platform: [ ubuntu-latest, macos-latest, windows-latest ]
runs-on: ${{ matrix.platform }}
steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
- name: Install Go
- uses: actions/setup-go@v4
+ uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go-version }}
- - name: Checkout code
- uses: actions/checkout@v3
- name: Run tests with coverage
run: go test -v -race -coverprofile=coverage -covermode=atomic ./...
- - name: Upload coverage report to Codecov
- uses: codecov/codecov-action@v1.5.0
- with:
- file: ./coverage
- flags: unittests
diff --git a/.github/workflows/lsif.yml b/.github/workflows/lsif.yml
deleted file mode 100644
index 27180d73..00000000
--- a/.github/workflows/lsif.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: LSIF
-on:
- push:
- paths:
- - '**.go'
- - 'go.mod'
- - '.github/workflows/lsif.yml'
-env:
- GOPROXY: "https://proxy.golang.org"
-
-jobs:
- lsif-go:
- if: github.repository == 'gogs/git-module'
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- - name: Generate LSIF data
- uses: sourcegraph/lsif-go-action@master
- - name: Upload LSIF data to sourcegraph.com
- continue-on-error: true
- uses: docker://sourcegraph/src-cli:latest
- with:
- args: lsif upload -github-token=${{ secrets.GITHUB_TOKEN }}
- - name: Upload LSIF data to cs.unknwon.dev
- continue-on-error: true
- uses: docker://sourcegraph/src-cli:latest
- with:
- args: -endpoint=https://cs.unknwon.dev lsif upload -github-token=${{ secrets.GITHUB_TOKEN }}
diff --git a/CODEOWNERS b/CODEOWNERS
new file mode 100644
index 00000000..dd3d002b
--- /dev/null
+++ b/CODEOWNERS
@@ -0,0 +1,2 @@
+# Default
+* @gogs/core
diff --git a/go.mod b/go.mod
index 527bc989..8cbb8bc1 100644
--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,6 @@ go 1.16
require (
github.com/mcuadros/go-version v0.0.0-20190308113854-92cdf37c5b75
- github.com/stretchr/testify v1.8.4
- golang.org/x/sync v0.3.0
+ github.com/stretchr/testify v1.10.0
+ golang.org/x/sync v0.9.0
)
diff --git a/go.sum b/go.sum
index eeca57d7..dfab6769 100644
--- a/go.sum
+++ b/go.sum
@@ -8,12 +8,14 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
-github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
-golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
-golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/repo_reference_test.go b/repo_reference_test.go
index 4b7a9c36..d0e90e17 100644
--- a/repo_reference_test.go
+++ b/repo_reference_test.go
@@ -168,7 +168,7 @@ func TestRepository_SymbolicRef(t *testing.T) {
// Set a symbolic reference
_, err = r.SymbolicRef(SymbolicRefOptions{
- Name: "TEST-REF",
+ Name: "TEST_REF",
Ref: RefsHeads + "develop",
})
if err != nil {
@@ -177,7 +177,7 @@ func TestRepository_SymbolicRef(t *testing.T) {
// Get the symbolic reference we just set
ref, err = r.SymbolicRef(SymbolicRefOptions{
- Name: "TEST-REF",
+ Name: "TEST_REF",
})
if err != nil {
t.Fatal(err)
diff --git a/repo_tag.go b/repo_tag.go
index e5843702..342979f3 100644
--- a/repo_tag.go
+++ b/repo_tag.go
@@ -248,6 +248,8 @@ func (r *Repository) CreateTag(name, rev string, opts ...CreateTagOptions) error
cmd.AddCommitter(opt.Author)
}
} else {
+ // 🚨 SECURITY: Prevent including unintended options in the path to the Git command.
+ cmd.AddArgs("--end-of-options")
cmd.AddArgs(name)
}
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy