Skip to content

chore(deps): update gitea/gitea docker tag to v1.27.0#95

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/gitea-gitea-1.x
Open

chore(deps): update gitea/gitea docker tag to v1.27.0#95
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/gitea-gitea-1.x

Conversation

@renovate

@renovate renovate Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
gitea/gitea minor 1.26.41.27.0

Release Notes

go-gitea/gitea (gitea/gitea)

v1.27.0

Compare Source

  • BREAKING

    • Feat(actions)!: improve support for reusable workflows (#​37478)
    • Use Content-Security-Policy: script nonce (#​37232)
  • SECURITY

    • Fix: various security fixes (#​38406) (#​38426)
    • Fix(security): harden access checks and migration validation (#​38324) (#​38400)
    • Fix: enforce public-only token scope and harden push options / locale parsing (#​38323) (#​38399)
    • Fix(pull): re-evaluate review official flag on target branch change (#​38319) (#​38402)
    • Fix(api): stop leaking private repo metadata after access revocation (#​38321) (#​38390)
    • Fix(lfs): require proof of possession for cross-repo objects (#​38322) (#​38389)
    • Fix(mirror): disable HTTP redirects on pull mirror sync (#​38320) (#​38367)
    • Fix: golang html template url escaping (#​38363) (#​38369)
    • Fix(release): validate web attachment renames against allowed types (#​38314) (#​38328)
    • Fix(release): gate draft release attachments on web download endpoints (#​38318) (#​38325)
    • Fix(deps): update module github.com/go-git/go-git/v5 to v5.19.1 [security] (#​37786)
    • Fix(oauth): restrict introspection to the token's client (#​38042)
    • Fix(api): don't expose private org membership via public_members (#​38145)
    • Fix(actions): deny fork-PR cross-repo access via collaborative owner (#​38214)
    • Fix(migrations): prevent path traversal in repository restore (#​38215)
  • FEATURES

    • Feat(actions): add workflow status badge modal (#​38196)
    • Feat(actions): support owner-level and global scoped workflows (#​38154)
    • Feat(api): support ref suffixes in compare (#​38148)
    • Feat(actions): implement jobs.<job_id>.continue-on-error (#​38100)
    • Feat(actions): show run status on browser tab favicon (#​38071)
    • Feat(api): add token introspection and self-deletion endpoint (#​37995)
    • Feat(api): add q parameter to list branches API for server-side filtering (#​37982)
    • Feat(repo): split repository creation limit into user and org scopes (#​37872)
    • Feat(actions): bulk delete, disable and enable runners in admin UI (#​37869)
    • Feat(actions): List workflows that were executed once but got removed from the default branch (#​37835)
    • Feat(org): add team visibility so org members can discover teams (#​37680)
    • Feat: add raw diff/patch endpoint for repository comparisons (#​37632)
    • Feat: Add avatar stacks (#​37594)
    • Feat(actions): add job summaries (GITHUB_STEP_SUMMARY) (#​37500)
    • Feat(web): Add Jupyter Notebook (.ipynb) Rendering Support (#​37433)
    • Support for Custom URI Schemes in OAuth2 Redirect URIs (#​37356)
    • Feat(orgs): Add search bar for organization members tab page (#​37347)
    • Feat(api): Add assignees APIs (#​37330)
    • Feat(api): Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs (#​37196)
    • Serve OpenAPI 3.0 spec at /openapi.v1.json (#​37038)
    • Add project column picker to issue and pull request sidebar (#​37037)
    • Allow multiple projects per issue and pull requests (#​36784)
    • Feat(ui): add "follow rename" to file commit history list (#​34994)
    • Feat(ssh): auto generate additional ssh keys (#​33974)
  • ENHANCEMENTS

    • Enhance(actions): only create filtered-out workflow commit status for required contexts (#​38371) (#​38385)
    • Enhance: allow builtin default git config options to be overridden (#​38172)
    • Enhance: allow MathML core elements (#​38034)
    • Enhance(markup): improve issue title rendering (#​37908)
    • Enhance(actions): set descriptive browser tab title on run view (#​37870)
    • Enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#​37866)
    • Enhance(actions): show workflow name from YAML instead of filename (#​37833)
    • Feat(actions): add before/after to PR synchronize event payload (#​37827)
    • Enhance(actions): add branch filters to run list (#​37826)
    • Enhance(actions): Make Summary UI more beautiful with more infos (#​37824)
    • Feat: add copy button to action step header, improve other copy buttons (#​37744)
    • Fix(icon): use repo-forked icon to display forks count (#​37731)
    • Feat(api): add sort and order query parameters to job list endpoints (#​37672)
    • Feat(api): add last_sync to repository API (#​37566)
    • Enhance: Adjust Workflow Graph styling (#​37497)
    • Improve code editor text selection and clean up lint enablement (#​37474)
    • Add mirror auth updates to repo edit API and settings (#​37468)
    • Replace olivere/elastic with REST API client, add OpenSearch support (#​37411)
    • Feat: Add default PR branch update style setting (#​37410)
    • Fix inconsistent disabled styling on logged-out repo header buttons (#​37406)
    • Allow fast-forward-only merge when signed commits are required (#​37335)
    • Enhance styling in actions page (#​37323)
    • Fix: improve actions status icons and texts (#​37206)
    • Make Markdown fenced code block work with more syntaxes (#​37154)
    • Fix: Sort action run jobs by JobID and Name with matrix examples (#​37046)
    • Add API endpoint to reply to pull request review comments (#​36683)
  • PERFORMANCE

    • Perf(actions): debounce runner heartbeat writes and throttle task picks (#​38281) (#​38368)
    • Perf(web): sort the action_run query by a repo-scoped index when possible (#​38155)
    • Perf: Various performance regression fixes (#​38078)
    • Perf: extend action c_u index to include created_unix for faster dashboard feeds (#​38076)
    • Batch-load related data in actions run, job, and task API endpoints (#​37032)
  • BUGFIXES

    • Fix(util): reject invalid characters between time-estimate units (#​38416) (#​38423)
    • Fix: represent a deleted assignee team as a Ghost team (#​38413) (#​38419)
    • Fix(turnstile): route CAPTCHA verification through the configured proxy (#​38412) (#​38420)
    • Fix: refresh pull request merge box when the commit status is pending (#​38410) (#​38411)
    • Fix: actions task state concurrent update (#​38405) (#​38409)
    • Fix(actions): keep workflow run trailing on one row with long branch names (#​38382) (#​38403)
    • Fix(web): use locale-aware date formatting for contribution calendar tooltips (#​38398) (#​38401)
    • Fix: co-author detection (#​38392) (#​38397)
    • Fix: incorrect co-author detection on commit page (#​38386) (#​38387)
    • Fix(ui): restore commits table column widths (#​38379) (#​38383)
    • Fix: minio init check (#​38355) (#​38361)
    • Fix: org project view assignee list (#​38357) (#​38360)
    • Fix(actions): release claimed task if context is cancelled during FetchTask (#​38343) (#​38347)
    • Fix(actions): make runner list pagination order deterministic (#​38313) (#​38327)
    • Fix: Improve since/until when counting commits for X-Total-Count (#​38243) (#​38304)
    • Fix(actions): prevent chevron overlap with log text when timestamps are enabled (#​38227) (#​38307)
    • Fix(workflows): branch protection status checks fail when workflow uses on: paths filter (#​38237) (#​38302)
    • Fix(oauth2): persist linkAccountData during auto-link 2FA flow (#​38274) (#​38295)
    • Fix(actions): allow Actions bot to push to protected branches (#​38284) (#​38293)
    • Fix(actions): include all aggregable run statuses in status filter (#​38280) (#​38287)
    • Fix(archiver): use serializable repo-archive queue payload (#​38273) (#​38283)
    • Fix: update npm dependencies, fix misc issues (#​38257)
    • Fix(api): respect since/until when counting commits for X-Total-Count (#​38204)
    • Fix: codemirror regressions (#​38248)
    • Fix(api): support HEAD requests on all API GET endpoints (#​38245)
    • Fix(actions): Cleanup workflow status badge code (#​38241)
    • Fix(web): Correctly align the "disabled" label on larger workflow names (#​38240)
    • Fix(actions): don't swallow HTML entities into linkified URLs (#​38239)
    • Fix(packages): accept npm "repository" and "bin" in string form (#​38236)
    • Fix(actions): fix 500 error when canceling a canceling task (#​38223)
    • Fix(deps): update module golang.org/x/image to v0.43.0 [security] (#​38219)
    • Fix(mssql): convert legacy DATETIME columns to DATETIME2 (#​38216)
    • Fix(api): deny private org member enumeration via /members (#​38213)
    • Fix(actions): ensure all waiting jobs get runners in large workflows (#​38200)
    • Fix(deps): update go dependencies (#​38194)
    • Fix(deps): update npm dependencies (#​38193)
    • Fix(cli): default must-change-password to false for bot users (#​38175)
    • Fix(actions): show run index in run view and fix summary graph height (#​38165)
    • Fix: csp (#​38162)
    • Fix(deps): update npm dependencies (#​38123)
    • Fix(mssql): expand legacy issue and comment long-text columns (#​38120)
    • Fix(packages): validate debian distribution and component names (#​38116)
    • Fix(packages): validate module version in goproxy ParsePackage (#​38104)
    • Fix(deps): update dependency esbuild to v0.28.1 [security] (#​38097)
    • Fix: git push hook post receive (#​38089)
    • Fix(ui): prevent commit status popup overflowing its row (#​38081)
    • Fix: validate gem name in rubygems parseMetadataFile (#​38061)
    • Fix: commit display name (#​38057)
    • Fix: csp regressions (#​38047)
    • Fix: api error message (#​38031)
    • Fix(deps): update npm dependencies (#​38029)
    • Fix: pgsql lint (#​38022)
    • Fix(indexer): fix assignee filters in issue search (#​38021)
    • Fix: various dropdown problems (#​38020)
    • Fix: refactor git error handling and make archive streaming handle non-existing commit id (#​38007)
    • Fix: raise git required version to 2.13 (#​37996)
    • Fix: remove "no-transfrom" from the cache-control header (#​37985)
    • Fix(deps): update module github.com/google/go-github/v87 to v88 (#​37971)
    • Fix: use committer time where ever possible as default (#​37969)
    • Fix(deps): update npm dependencies, remove nolyfill (#​37968)
    • Fix(deps): update go dependencies (#​37967)
    • Fix(pull): preserve squash message trailers and additional commit messages (#​37954)
    • Fix(deps): update module golang.org/x/image to v0.41.0 [security] (#​37904)
    • Fix: support ##[command] log prefix in action run UI (#​37882)
    • Fix(deps): update module github.com/google/go-github/v86 to v87 (#​37845)
    • Fix(deps): update npm dependencies (#​37844)
    • Fix(deps): update go dependencies (#​37841)
    • Fix(frontend): resolve Vite assets by manifest source path (#​37836)
    • Fix(locales): Replace hardcoded strings (#​37788)
    • Fix(packages): render markdown links relative to linked repo (#​37676)
    • Fix: persist mirror repository metadata (#​37519)
    • Fix cmd tests by mocking builtin paths (#​37369)
    • Add form-fetch-action to some forms, fix "fetch action" resp bug (#​37305)
    • Feat: execute post run cleanup when workflow is cancelled (#​37275)
    • Fix relative-time error and improve global error handler (#​37241)
    • Refactor flash message and remove SanitizeHTML template func (#​37179)
  • TESTING

    • Test(e2e): fix race in pdf file render test (#​38380) (#​38381)
    • Test: compare key file contents instead of FileInfo in TestInitKeys (#​38330) (#​38331)
    • Test: speed up two tests (#​37905)
    • Test: Fix random failure test (#​37887)
    • Test: fix flaky issue-comment close test (#​37880)
    • Test: enable WAL for sqlite integration tests (#​37861)
    • Test: fix flaky TestResourceIndex and reduce its runtime (#​37847)
    • Test: run TestAPIRepoMigrate offline via a local clone source (#​37817)
    • Ci: shard tests and reduce redundant work (#​37618)
    • Test(e2e): run playwright via container (#​37300)
    • Remove external service dependencies in migration tests (#​36866)
  • BUILD

    • Fix(actions): authenticate snapcraft before nightly remote build (#​38252)
    • Ci: cap Elasticsearch heap in db-tests (#​37816)
    • Build(snap): publish nightly version to snapcraft via actions (#​37814)
    • Ci: split pgsql shards into plain jobs, dedupe setup actions (#​37802)
    • Ci: narrow files-changed frontend filter (#​37749)
    • Ci: add zizmor to lint-actions (#​37720)
    • Chore: clean up "contrib" dir (#​37690)
    • Fix: snap build (main branch) (#​37685)
    • Ci: Also lint json5 files (#​37659)
    • Feat(editor): broaden language detection in web code editor (#​37619)
    • Build: update pnpm to v11 (#​37591)
    • Refactor(deps): migrate from nektos/act fork to gitea/runner (#​37557)
    • Refactor: lint bare fill/stroke colors, add vars for git graph color series (#​37543)
    • Update go js py dependencies (#​37525)
    • Ci: lint PR titles with commitlint (#​37498)
    • Chore: upgrade Go version in devcontainer image to 1.26 (#​37374)
    • Update GitHub Actions to latest major versions (#​37313)
    • Update go js dependencies (#​37312)
    • Fail vite build on rolldown warnings via NODE_ENV=test (#​37270)
    • Remove htmx (#​37224)
    • Replace custom Go formatter with golangci-lint fmt (#​37194)
    • Refactor htmx and fetch-action related code (#​37186)
    • Integrate renovate bot for all dependency updates (#​37050)
    • Build(sign): move to sigstore (#​38250)
  • DOCS

    • Docs: update changelog for 1.26.3 & 1.26.4 (#​38178)
    • Docs: fix duplicated word in foreachref doc comment (#​38161)
    • Docs: Clarify criteria for becoming a merger (#​38113)
    • Docs: Publish TOC Election Result 2026 (#​38111)
    • Docs: mark openapi3 as autogenerated in attributes (#​37963)
    • Docs: add development setup guide (#​37960)
  • MISC

    • Revert(sign): restore gpg (#​38251)
    • Refactor: replace legacy delete-button with link-action (#​38143)
    • Refactor(actions): read runner capabilities from proto field (#​38068)
    • Refactor(api): clarify APIError message usage and fix legacy lint error (#​38012)
    • Refactor: Use db.Get[] instead of db.GetEngine(ctx).Get(bean) to avoid zero value fetching wrong database record (#​37977)
    • Fix(deps): update go dependencies (#​37851)
    • Ci: Fix sync PR labels from the conventional-commit title (#​37784) (#​37825)
    • Ci: tweak files-changed, add free-disk-space (#​37819)
    • Fix(deps): update module golang.org/x/crypto to v0.52.0 [security] (#​37806)
    • Test(e2e): add comment, release, star, PR and fork tests (#​37800)
    • Chore: simplify issue and pull request templates (#​37799)
    • Chore: Update giteabot to fix failure when backport (#​37789)
    • Fix(api): handle partial failures in push mirror synchronization gracefully (#​37782)
    • Fix(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.26.0 (#​37771)
    • Ci: split giteabot workflow (#​37770)
    • Fix(deps): update npm dependencies (#​37768)
    • Refactor(waitgroup): replace Add/Done goroutines with WaitGroup.Go (#​37764)
    • Fix(deps): update module google.golang.org/grpc to v1.81.1 (#​37762)
    • Ci: fix cache-related issues (#​37761)
    • Chore: fix tests (#​37760)
    • Fix(deps): update module github.com/google/go-github/v85 to v86 (#​37754)
    • Fix(deps): update npm dependencies (#​37753)
    • Fix(deps): update go dependencies (#​37752)
    • Chore(deps): update action dependencies (#​37751)
    • Fix(markup): wrap indented code blocks for the code-copy button (#​37748)
    • Chore(db): introduce db.Session and db.EngineMigration interfaces (#​37746)
    • Feat(web): also display PR counts in repo list (#​37739)
    • Refactor(glob): use strings.Builder for regexp compilation (#​37730)
    • Chore(doctor): remove four obsolete doctor check implementations (#​37728)
    • Refactor(org): simplify owner-team org repo creation logic (#​37727)
    • Refactor: move workflowpattern into modules/actions (#​37717)
    • Chore: clean up tests (#​37715)
    • Style: misc UI fixes (#​37691)
    • Ci: add shellcheck linter (#​37682)
    • Fix: catch and fix more lint problems (#​37674)
    • Fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test (#​37662)
    • Fix(deps): update npm dependencies (#​37647)
    • Ci(renovate): update Go import paths on major bumps (#​37641)
    • Fix(deps): update go dependencies (major) (#​37639)
    • Chore(deps): update action dependencies (major) (#​37638)
    • Fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 (#​37637)
    • Fix(deps): update npm dependencies (#​37636)
    • Refactor(log): replace log.Critical with log.Error (#​37624)
    • Build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#​37616)
    • Feat(oauth): Support AWS Cognito OAuth2 provider (#​37607)
    • Chore(deps): update action dependencies (#​37603)
    • Ci: allow chore type in PR title lint (#​37575)
    • Refactor: only reset a database table when the table's data was changed (#​37573)
    • Ci: increase renovate frequency and fix RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS (#​37565)
    • Refactor: use modernc sqlite driver as default (#​37562)
    • Docs: fix 4 typos in CHANGELOG.md (#​37549)
    • Fix(deps): update go dependencies (#​37541)
    • Chore(deps): update action dependencies (#​37540)
    • Refactor pull request view (6) (#​37522)
    • Fix: redirect early CLI console logger to stderr (#​37507)
    • Refactor "flex-list" to "flex-divided-list" (#​37505)
    • Refactor compare diff/pull page (1) (#​37481)
    • Refactor pull request view (4) (#​37451)
    • Update 1.26.1 changelog in main (#​37442)
    • Refactor: use named Permission field in Repository struct instead of anonymous embedding (#​37441)
    • Refactor: serve site manifest via /assets/site-manifest.json endpoint (#​37405)
    • Remove IsValidExternalURL/IsAPIURL and use IsValidURL at call sites (#​37364)
    • Update Block a user form (#​37359)
    • Move review request functions to a standalone file (#​37358)
    • Feat(security): set X-Content-Type-Options: nosniff by default (#​37354)
    • Enable strict TypeScript, add errorMessage helper (#​37292)
    • Refactor frontend tw-justify-between layouts to flex-left-right (#​37291)
    • Update Nix flake (#​37284)
    • Fix Repository transferring page (#​37277)
    • Remove SubmitEvent polyfill (#​37276)
    • Remove dead code identified by deadcode tool (#​37271)
    • Upgrade go-git to v5.18.0 (#​37268)
    • Don't add useless labels which will bother changelog generation (#​37267)
    • Move heatmap to first-party code (#​37262)
    • Tests/integration: simplify code (#​37249)
    • Add pagination and search box to org teams list (#​37245)
    • Remove error returns from crypto random helpers and callers (#​37240)
    • Add ExternalIDClaim option for OAuth2 OIDC auth source (#​37229)
    • Refactor: simplify ParseCatFileTreeLine and catBatchParseTreeEntries (#​37210)
    • Refactor "htmx" to "fetch action" (#​37208)
    • Update go js py dependencies (#​37204)
    • Add comment for the design of "user activity time" (#​37195)
    • Remove outdated RunUser logic (#​37180)
    • Models/fixtures: add "DO NOT add more test data" comment to all yml fixture files (#​37150)
    • Update javascript dependencies (#​37142)
    • Update go dependencies (#​37141)
    • Frontport changelog of v1.26.0-rc0 (#​37138)
    • Introduce ActionRunAttempt to represent each execution of a run (#​37119)
    • Workflow Artifact Info Hover (#​37100)
    • Extend issue context popup beyond markdown content (#​36908)
    • Add bulk repository deletion for organizations (#​36763)
    • Feat: Add bypass allowlist for branch protection (#​36514)

Instances on Gitea Cloud will be automatically upgraded to this version during the specified maintenance window.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants