Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package forgejo for openSUSE:Factory checked in at 2024-11-17 16:41:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/forgejo (Old) and /work/SRC/openSUSE:Factory/.forgejo.new.2017 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "forgejo" Sun Nov 17 16:41:40 2024 rev:19 rq:1224537 version:9.0.2 Changes: -------- --- /work/SRC/openSUSE:Factory/forgejo/forgejo.changes 2024-10-29 14:36:25.804713807 +0100 +++ /work/SRC/openSUSE:Factory/.forgejo.new.2017/forgejo.changes 2024-11-17 16:41:45.564629932 +0100 @@ -1,0 +2,37 @@ +Sat Nov 16 03:16:51 UTC 2024 - Richard Rahl <rra...@opensuse.org> + +- update to 9.0.2: + * it was possible to use a token sent via email for secondary email validation + to reset the password instead. In other words, a token sent for a given + action (registration, password reset or secondary email validation) could + be used to perform a different action. + * a fork of a public repository would show in the list of forks, even if its + owner was not a public user or organization. + * the members of an organization team with read access to a repository (e.g. + to read issues) but no read access to the code could read the RSS or atom + feeds which include the commit activity. Reading the RSS or atom feeds is + now denied unless the team has read permissions on the code. + * the tokens used when replying by email to issues or pull requests were + weaker than the rfc2104 recommendations. + * a registered user could modify the update frequency of any push mirror. + * it was possible to use basic authorization (i.e. user:password) for requests + to the API even when security keys were enrolled for a user. + * some markup sanitation rules were not as strong as they could be. + * when Forgejo is configured to enable instance wide search (e.g. with bleve), + results found in the repositories of private or limited users were displayed + to anonymous visitors. + * fix: handle renamed dependency for cargo registry. + * support www.github.com for migrations. + * move forgot_password-link to fix login tab order. + * code owners will not be mentioned when a pull request comes from a forked + repository. + * labels are missing in the pull request payload removing a label. + * in a Forgejo Actions workflow, the unlabeled event type for pull requests + was incorrectly mapped to the labeled event type. + * when a Forgejo Actions issue or pull request workflow is triggered by an + labeled or unlabeled event type, it misses information about the label added + or removed. It is now available in the label data member of the event payload. + * pull request workflow must always update the head SHA commit status. + * fix git-grep for code search when git version is below 2.38. + +------------------------------------------------------------------- Old: ---- forgejo-src-9.0.1.tar.gz forgejo-src-9.0.1.tar.gz.asc New: ---- forgejo-src-9.0.2.tar.gz forgejo-src-9.0.2.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ forgejo.spec ++++++ --- /var/tmp/diff_new_pack.E2z28R/_old 2024-11-17 16:41:53.316951942 +0100 +++ /var/tmp/diff_new_pack.E2z28R/_new 2024-11-17 16:41:53.316951942 +0100 @@ -30,7 +30,7 @@ %endif %endif Name: forgejo -Version: 9.0.1 +Version: 9.0.2 Release: 0 Summary: Self-hostable forge License: GPL-3.0-or-later ++++++ forgejo-src-9.0.1.tar.gz -> forgejo-src-9.0.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/forgejo/forgejo-src-9.0.1.tar.gz /work/SRC/openSUSE:Factory/.forgejo.new.2017/forgejo-src-9.0.2.tar.gz differ: char 26, line 1 ++++++ node_modules.obscpio ++++++ /work/SRC/openSUSE:Factory/forgejo/node_modules.obscpio /work/SRC/openSUSE:Factory/.forgejo.new.2017/node_modules.obscpio differ: char 143536586, line 502245 ++++++ node_modules.spec.inc ++++++ --- /var/tmp/diff_new_pack.E2z28R/_old 2024-11-17 16:41:53.784971382 +0100 +++ /var/tmp/diff_new_pack.E2z28R/_new 2024-11-17 16:41:53.788971548 +0100 @@ -652,7 +652,7 @@ Source10651: https://registry.npmjs.org/graphemer/-/graphemer-1.4.0.tgz#/graphemer-1.4.0.tgz Source10652: https://registry.npmjs.org/hachure-fill/-/hachure-fill-0.5.2.tgz#/hachure-fill-0.5.2.tgz Source10653: https://registry.npmjs.org/hammerjs/-/hammerjs-2.0.8.tgz#/hammerjs-2.0.8.tgz -Source10654: https://registry.npmjs.org/happy-dom/-/happy-dom-15.7.4.tgz#/happy-dom-15.7.4.tgz +Source10654: https://registry.npmjs.org/happy-dom/-/happy-dom-15.10.2.tgz#/happy-dom-15.10.2.tgz Source10655: https://registry.npmjs.org/has-bigints/-/has-bigints-1.0.2.tgz#/has-bigints-1.0.2.tgz Source10656: https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz#/has-flag-3.0.0.tgz Source10657: https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz#/has-flag-4.0.0.tgz ++++++ package-lock.json ++++++ --- /var/tmp/diff_new_pack.E2z28R/_old 2024-11-17 16:41:53.832973376 +0100 +++ /var/tmp/diff_new_pack.E2z28R/_new 2024-11-17 16:41:53.840973708 +0100 @@ -84,7 +84,7 @@ "eslint-plugin-vue": "9.28.0", "eslint-plugin-vue-scoped-css": "2.8.1", "eslint-plugin-wc": "2.1.1", - "happy-dom": "15.7.4", + "happy-dom": "15.10.2", "license-checker-rseidelsohn": "4.4.2", "markdownlint-cli": "0.41.0", "postcss-html": "1.7.0", @@ -10088,9 +10088,9 @@ } }, "node_modules/happy-dom": { - "version": "15.7.4", - "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-15.7.4.tgz";, - "integrity": "sha512-r1vadDYGMtsHAAsqhDuk4IpPvr6N8MGKy5ntBo7tSdim+pWDxus2PNqOcOt8LuDZ4t3KJHE+gCuzupcx/GKnyQ==", + "version": "15.10.2", + "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-15.10.2.tgz";, + "integrity": "sha512-NbA5XrSovenJIIcfixCREX3ZnV7yHP4phhbfuxxf4CPn+LZpz/jIM9EqJ2DrPwgVDSMoAKH3pZwQvkbsSiCrUw==", "dev": true, "license": "MIT", "dependencies": {
