Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

User keypairs and HTTP signatures for ActivityPub federation using go-ap #19133

Merged
merged 116 commits into from Jun 19, 2022
Merged

User keypairs and HTTP signatures for ActivityPub federation using go-ap #19133

merged 116 commits into from Jun 19, 2022

Conversation

ghost
Copy link

@ghost ghost commented Mar 18, 2022

This implements a few components of the ActivityPub protocol using the go-ap library. This includes an /activitypub and /activitypub/user endpoint for the API, ActivityPub-specific information in the /.well-known/webfinger endpoint, and middleware for HTTP signatures. It does not do much but it is an essential building block for ActivityPub federation.


Loïc Dachary added 7 commits March 18, 2022 17:33
go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master
Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).

Refs: #14186

Signed-off-by: Loïc Dachary <loic@dachary.org>
Refs: #14186

Signed-off-by: Loïc Dachary <loic@dachary.org>
Signed-off-by: Loïc Dachary <loic@dachary.org>
Signed-off-by: Loïc Dachary <loic@dachary.org>
Signed-off-by: Loïc Dachary <loic@dachary.org>
Signed-off-by: Loïc Dachary <loic@dachary.org>
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Mar 19, 2022
@lunny lunny added type/feature Completely new functionality. Can only be merged if feature freeze is not active. topic/federation labels Mar 19, 2022
@Gusted Gusted added this to the 1.17.0 milestone Mar 19, 2022
Anthony Wang added 2 commits March 19, 2022 08:54
Signed-off-by: Anthony Wang <ta180m@pm.me>
Signed-off-by: Anthony Wang <ta180m@pm.me>
integrations/api_activitypub_person_test.go Outdated Show resolved Hide resolved
integrations/api_activitypub_person_test.go Outdated Show resolved Hide resolved
integrations/api_activitypub_person_test.go Outdated Show resolved Hide resolved
integrations/api_activitypub_person_test.go Show resolved Hide resolved
integrations/api_activitypub_person_test.go Outdated Show resolved Hide resolved
integrations/api_activitypub_person_test.go Outdated Show resolved Hide resolved
integrations/api_activitypub_person_test.go Outdated Show resolved Hide resolved
Anthony Wang added 5 commits March 19, 2022 09:14
Signed-off-by: Anthony Wang <ta180m@pm.me>
Signed-off-by: Anthony Wang <ta180m@pm.me>
Signed-off-by: Anthony Wang <ta180m@pm.me>
Signed-off-by: Anthony Wang <ta180m@pm.me>
Signed-off-by: Anthony Wang <ta180m@pm.me>
@ghost ghost requested a review from Gusted March 21, 2022 02:41
Copy link
Contributor

@Gusted Gusted left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall looking good. Code flow looks good to me, we might want to add some more comments here and there because I'm still scratching my head at some sections of the code, of what's actually doing.

routers/api/v1/api.go Outdated Show resolved Hide resolved
routers/api/v1/activitypub/reqsignature.go Outdated Show resolved Hide resolved
routers/api/v1/activitypub/reqsignature.go Outdated Show resolved Hide resolved
routers/api/v1/activitypub/reqsignature.go Outdated Show resolved Hide resolved
routers/api/v1/activitypub/reqsignature.go Outdated Show resolved Hide resolved
routers/api/v1/activitypub/person.go Outdated Show resolved Hide resolved
modules/activitypub/hack_16834.go Outdated Show resolved Hide resolved
Signed-off-by: Anthony Wang <ta180m@pm.me>
@ghost
Copy link
Author

ghost commented Mar 24, 2022

This PR adds the large go-fed library which increases the Gitea binary size from 80 MB to 103 MB. I originally created #19104 to discuss ways to deal with this addition, but we can also discuss it here.

@Gusted
Copy link
Contributor

Gusted commented Mar 25, 2022

This PR adds the large go-fed library which increases the Gitea binary size from 80 MB to 103 MB. I originally created #19104 to discuss ways to deal with this addition, but we can also discuss it here.

That's measurably bigger. Of course it would be nice if go-fed was able to simplify code to reduce the binary size. Possible solution, given the nature of this is to introduce build tags within gitea, such that go-fed won't compile if one doesn't want to use federation.

Signed-off-by: Anthony Wang <ta180m@pm.me>
@ghost ghost requested a review from Gusted March 26, 2022 01:50
Copy link
Member

@6543 6543 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

at least add it ...

custom/conf/app.example.ini Outdated Show resolved Hide resolved
docs/content/doc/advanced/config-cheat-sheet.en-us.md Outdated Show resolved Hide resolved
modules/setting/federation.go Outdated Show resolved Hide resolved
@ghost
Copy link
Author

ghost commented Jun 18, 2022

Sorry for the force-push: I think it's because https://github.com/Ta180m/gitea is a push mirror of https://gitea.com/Ta180m/gitea and a commit on the GitHub repo was overwritten when gitea.com synchronized the mirror.

@6543
Copy link
Member

6543 commented Jun 18, 2022

to bad ... I was just going to merge this ...

@ghost
Copy link
Author

ghost commented Jun 18, 2022

Sorry for the force-push: I think it's because https://github.com/Ta180m/gitea is a push mirror of https://gitea.com/Ta180m/gitea and a commit on the GitHub repo was overwritten when gitea.com synchronized the mirror.

@6543 I don't think there was anything important overwritten so it should be OK to merge now.

Copy link
Member

@delvh delvh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I only skimmed through it because it seems to get merged soon, but I found a few things:

routers/api/v1/swagger/activitypub.go Show resolved Hide resolved
routers/web/webfinger.go Outdated Show resolved Hide resolved
// NewClient function
func NewClient(user *user_model.User, pubID string) (c *Client, err error) {
if err = containsRequiredHTTPHeaders(http.MethodGet, setting.Federation.GetHeaders); err != nil {
return
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given that there is currently a PR that attempts to get rid of naked returns, I think you should convert them.
Everywhere you added them.

routers/api/v1/activitypub/reqsignature.go Show resolved Hide resolved
routers/api/v1/activitypub/person.go Outdated Show resolved Hide resolved
routers/api/v1/activitypub/person.go Outdated Show resolved Hide resolved
@6543
Copy link
Member

6543 commented Jun 19, 2022

🚀

@6543 6543 merged commit e86f18a into go-gitea:main Jun 19, 2022
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jun 21, 2022
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Catch the error before the response is processed by goth. (go-gitea#20000)
  Adjust transaction handling via db.Context (go-gitea#20031)
  Add more linters to improve code readability (go-gitea#19989)
  [skip ci] Updated translations via Crowdin
  Disable federation by default (go-gitea#20045)
  Respond with a 401 on git push when password isn't changed yet (go-gitea#20026)
  Alter hook_task TEXT fields to LONGTEXT (go-gitea#20038)
  Simplify and fix migration 216 (go-gitea#20035)
  use quoted regexp instead of git fixed-value (go-gitea#20029)
  fix delete pull head ref for DeleteIssue (go-gitea#20032)
  User keypairs and HTTP signatures for ActivityPub federation using go-ap (go-gitea#19133)
  Backtick table name in generic orphan check (go-gitea#20019)
  Update document to clarify that ALLOWED_DOMAINS/BLOCKED_DOMAINS support wildcard (go-gitea#20016)
  Return 404 when tag is broken (go-gitea#20017)
  Dump should only copy regular files and symlink regular files (go-gitea#20015)
vsysoev pushed a commit to IntegraSDL/gitea that referenced this pull request Aug 10, 2022
…-ap (go-gitea#19133)

* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency

go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master

* activitypub: implement /api/v1/activitypub/user/{username} (go-gitea#14186)

Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).

Refs: go-gitea#14186

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: add the public key to Person (go-gitea#14186)

Refs: go-gitea#14186

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: go-fed conformant Clock instance

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: signing http client

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: implement the ReqSignature middleware

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: hack_16834

Signed-off-by: Loïc Dachary <loic@dachary.org>

* Fix CI checks-backend errors with go mod tidy

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Change 2021 to 2022, properly format package imports

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Run make fmt and make generate-swagger

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Use Gitea JSON library, add assert for pkp

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Run make fmt again, fix err var redeclaration

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Remove LogSQL from ActivityPub person test

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Assert if json.Unmarshal succeeds

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Cleanup, handle invalid usernames for ActivityPub person GET request

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Rename hack_16834 to user_settings

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Use the httplib module instead of http for GET requests

* Clean up whitespace with make fmt

* Use time.RFC1123 and make the http.Client proxy-aware

* Check if digest algo is supported in setting module

* Clean up some variable declarations

* Remove unneeded copy

* Use system timezone instead of setting.DefaultUILocation

* Use named constant for httpsigExpirationTime

* Make pubKey IRI #main-key instead of /#main-key

* Move /#main-key to #main-key in tests

* Implemented Webfinger endpoint.

* Add visible check.

* Add user profile as alias.

* Add actor IRI and remote interaction URL to WebFinger response

* fmt

* Fix lint errors

* Use go-ap instead of go-fed

* Run go mod tidy to fix missing modules in go.mod and go.sum

* make fmt

* Convert remaining code to go-ap

* Clean up go.sum

* Fix JSON unmarshall error

* Fix CI errors by adding @context to Person() and making sure types match

* Correctly decode JSON in api_activitypub_person_test.go

* Force CI rerun

* Fix TestActivityPubPersonInbox segfault

* Fix lint error

* Use @mariusor's suggestions for idiomatic go-ap usage

* Correctly add inbox/outbox IRIs to person

* Code cleanup

* Remove another LogSQL from ActivityPub person test

* Move httpsig algos slice to an init() function

* Add actor IRI and remote interaction URL to WebFinger response

* Update TestWebFinger to check for ActivityPub IRI in aliases

* make fmt

* Force CI rerun

* WebFinger: Add CORS header and fix Href -> Template for remote interactions

The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues

* make lint-backend

* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon

Setting the correct Content-Type is essential for federating with Mastodon

* Use UTC instead of GMT

* Rename pkey to pubKey

* Make sure HTTP request Date in GMT

* make fmt

* dont drop err

* Make sure API responses always refer to username in original case

Copied from what I wrote on go-gitea#19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.

* Move httpsig algs constant slice to modules/setting/federation.go

* Add new federation settings to app.example.ini and config-cheat-sheet

* Return if marshalling error

* Make sure Person IRIs are generated correctly

This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.

* If httpsig verification fails, fix Host header and try again

This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.


* Revert "If httpsig verification fails, fix Host header and try again"

This reverts commit f53e46c.

The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.

* Go back to using ap.IRI to generate inbox and outbox IRIs

* use const for key values

* Update routers/web/webfinger.go

* Use ctx.JSON in Person response to make code cleaner

* Revert "Use ctx.JSON in Person response to make code cleaner"

This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.

This reverts commit 95aad98.

* Use activitypub.ActivityStreamsContentType for Person response Content Type

* Limit maximum ActivityPub request and response sizes to a configurable setting

* Move setting key constants to models/user/setting_keys.go

* Fix failing ActivityPubPerson integration test by checking the correct field for username

* Add a warning about changing settings that can break federation

* Add better comments

* Don't multiply Federation.MaxSize by 1<<20 twice

* Add more better comments

* Fix failing ActivityPubMissingPerson test

We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different

* make generate-swagger

For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦

* Move getting the RFC 2616 time to a separate function

* More code cleanup

* Update go-ap to fix empty liked collection and removed unneeded HTTP headers

* go mod tidy

* Add ed25519 to httpsig algorithms

* Use go-ap/jsonld to add @context and marshal JSON

* Change Gitea user agent from the default to Gitea/Version

* Use ctx.ServerError and remove all remote interaction code from webfinger.go
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 24, 2022
…-ap (go-gitea#19133)

* go.mod: add go-fed/{httpsig,activity/pub,activity/streams} dependency

go get github.com/go-fed/activity/streams@master
go get github.com/go-fed/activity/pub@master
go get github.com/go-fed/httpsig@master

* activitypub: implement /api/v1/activitypub/user/{username} (go-gitea#14186)

Return informations regarding a Person (as defined in ActivityStreams
https://www.w3.org/TR/activitystreams-vocabulary/#dfn-person).

Refs: go-gitea#14186

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: add the public key to Person (go-gitea#14186)

Refs: go-gitea#14186

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: go-fed conformant Clock instance

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: signing http client

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: implement the ReqSignature middleware

Signed-off-by: Loïc Dachary <loic@dachary.org>

* activitypub: hack_16834

Signed-off-by: Loïc Dachary <loic@dachary.org>

* Fix CI checks-backend errors with go mod tidy

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Change 2021 to 2022, properly format package imports

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Run make fmt and make generate-swagger

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Use Gitea JSON library, add assert for pkp

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Run make fmt again, fix err var redeclaration

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Remove LogSQL from ActivityPub person test

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Assert if json.Unmarshal succeeds

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Cleanup, handle invalid usernames for ActivityPub person GET request

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Rename hack_16834 to user_settings

Signed-off-by: Anthony Wang <ta180m@pm.me>

* Use the httplib module instead of http for GET requests

* Clean up whitespace with make fmt

* Use time.RFC1123 and make the http.Client proxy-aware

* Check if digest algo is supported in setting module

* Clean up some variable declarations

* Remove unneeded copy

* Use system timezone instead of setting.DefaultUILocation

* Use named constant for httpsigExpirationTime

* Make pubKey IRI #main-key instead of /#main-key

* Move /#main-key to #main-key in tests

* Implemented Webfinger endpoint.

* Add visible check.

* Add user profile as alias.

* Add actor IRI and remote interaction URL to WebFinger response

* fmt

* Fix lint errors

* Use go-ap instead of go-fed

* Run go mod tidy to fix missing modules in go.mod and go.sum

* make fmt

* Convert remaining code to go-ap

* Clean up go.sum

* Fix JSON unmarshall error

* Fix CI errors by adding @context to Person() and making sure types match

* Correctly decode JSON in api_activitypub_person_test.go

* Force CI rerun

* Fix TestActivityPubPersonInbox segfault

* Fix lint error

* Use @mariusor's suggestions for idiomatic go-ap usage

* Correctly add inbox/outbox IRIs to person

* Code cleanup

* Remove another LogSQL from ActivityPub person test

* Move httpsig algos slice to an init() function

* Add actor IRI and remote interaction URL to WebFinger response

* Update TestWebFinger to check for ActivityPub IRI in aliases

* make fmt

* Force CI rerun

* WebFinger: Add CORS header and fix Href -> Template for remote interactions

The CORS header is needed due to https://datatracker.ietf.org/doc/html/rfc7033#section-5 and fixes some Peertube <-> Gitea federation issues

* make lint-backend

* Make sure Person endpoint has Content-Type application/activity+json and includes PreferredUsername, URL, and Icon

Setting the correct Content-Type is essential for federating with Mastodon

* Use UTC instead of GMT

* Rename pkey to pubKey

* Make sure HTTP request Date in GMT

* make fmt

* dont drop err

* Make sure API responses always refer to username in original case

Copied from what I wrote on go-gitea#19133 discussion: Handling username case is a very tricky issue and I've already encountered a Mastodon <-> Gitea federation bug due to Gitea considering Ta180m and ta180m to be the same user while Mastodon thinks they are two different users. I think the best way forward is for Gitea to only use the original case version of the username for federation so other AP software don't get confused.

* Move httpsig algs constant slice to modules/setting/federation.go

* Add new federation settings to app.example.ini and config-cheat-sheet

* Return if marshalling error

* Make sure Person IRIs are generated correctly

This commit ensures that if the setting.AppURL is something like "http://127.0.0.1:42567" (like in the integration tests), a trailing slash will be added after that URL.

* If httpsig verification fails, fix Host header and try again

This fixes a very rare bug when Gitea and another AP server (confirmed to happen with Mastodon) are running on the same machine, Gitea fails to verify incoming HTTP signatures. This is because the other AP server creates the sig with the public Gitea domain as the Host. However, when Gitea receives the request, the Host header is instead localhost, so the signature verification fails. Manually changing the host header to the correct value and trying the veification again fixes the bug.


* Revert "If httpsig verification fails, fix Host header and try again"

This reverts commit f53e46c.

The bug was actually caused by nginx messing up the Host header when reverse-proxying since I didn't have the line `proxy_set_header Host $host;` in my nginx config for Gitea.

* Go back to using ap.IRI to generate inbox and outbox IRIs

* use const for key values

* Update routers/web/webfinger.go

* Use ctx.JSON in Person response to make code cleaner

* Revert "Use ctx.JSON in Person response to make code cleaner"

This doesn't work because the ctx.JSON() function already sends the response out and it's too late to edit the headers.

This reverts commit 95aad98.

* Use activitypub.ActivityStreamsContentType for Person response Content Type

* Limit maximum ActivityPub request and response sizes to a configurable setting

* Move setting key constants to models/user/setting_keys.go

* Fix failing ActivityPubPerson integration test by checking the correct field for username

* Add a warning about changing settings that can break federation

* Add better comments

* Don't multiply Federation.MaxSize by 1<<20 twice

* Add more better comments

* Fix failing ActivityPubMissingPerson test

We now use ctx.ContextUser so the message printed out when a user does not exist is slightly different

* make generate-swagger

For some reason I didn't realize that /templates/swagger/v1_json.tmpl was machine-generated by make generate-swagger... I've been editing it by hand for three months! 🤦

* Move getting the RFC 2616 time to a separate function

* More code cleanup

* Update go-ap to fix empty liked collection and removed unneeded HTTP headers

* go mod tidy

* Add ed25519 to httpsig algorithms

* Use go-ap/jsonld to add @context and marshal JSON

* Change Gitea user agent from the default to Gitea/Version

* Use ctx.ServerError and remove all remote interaction code from webfinger.go
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Dec 16, 2022
Sh4kE added a commit to Sh4kE/k8s-projects that referenced this pull request Feb 28, 2023
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [gitea/gitea](https://github.com/go-gitea/gitea) | minor | `1.17.3-rootless` -> `1.18.5-rootless` |

---

### Release Notes

<details>
<summary>go-gitea/gitea</summary>

### [`v1.18.5`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1185-httpsgithubcomgo-giteagiteareleasestagv1185---2023-02-21)

[Compare Source](go-gitea/gitea@v1.18.4...v1.18.5)

-   ENHANCEMENTS
    -   Hide 2FA status from other members in organization members list ([#&#8203;22999](go-gitea/gitea#22999)) ([#&#8203;23023](go-gitea/gitea#23023))
-   BUGFIXES
    -   Add force_merge to merge request and fix checking mergable ([#&#8203;23010](go-gitea/gitea#23010)) ([#&#8203;23032](go-gitea/gitea#23032))
    -   Use `--message=%s` for git commit message ([#&#8203;23028](go-gitea/gitea#23028)) ([#&#8203;23029](go-gitea/gitea#23029))
    -   Render access log template as text instead of HTML ([#&#8203;23013](go-gitea/gitea#23013)) ([#&#8203;23025](go-gitea/gitea#23025))
    -   Fix the Manually Merged form ([#&#8203;23015](go-gitea/gitea#23015)) ([#&#8203;23017](go-gitea/gitea#23017))
    -   Use beforeCommit instead of baseCommit ([#&#8203;22949](go-gitea/gitea#22949)) ([#&#8203;22996](go-gitea/gitea#22996))
    -   Display attachments of review comment when comment content is blank ([#&#8203;23035](go-gitea/gitea#23035)) ([#&#8203;23046](go-gitea/gitea#23046))
    -   Return empty url for submodule tree entries ([#&#8203;23043](go-gitea/gitea#23043)) ([#&#8203;23048](go-gitea/gitea#23048))

### [`v1.18.4`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1184-httpsgithubcomgo-giteagiteareleasestag1184---2023-02-20)

[Compare Source](go-gitea/gitea@v1.18.3...v1.18.4)

-   SECURITY
    -   Provide the ability to set password hash algorithm parameters ([#&#8203;22942](go-gitea/gitea#22942)) ([#&#8203;22943](go-gitea/gitea#22943))
    -   Add command to bulk set must-change-password ([#&#8203;22823](go-gitea/gitea#22823)) ([#&#8203;22928](go-gitea/gitea#22928))
-   ENHANCEMENTS
    -   Use import of OCI structs ([#&#8203;22765](go-gitea/gitea#22765)) ([#&#8203;22805](go-gitea/gitea#22805))
    -   Fix color of tertiary button on dark theme ([#&#8203;22739](go-gitea/gitea#22739)) ([#&#8203;22744](go-gitea/gitea#22744))
    -   Link issue and pull requests status change in UI notifications directly to their event in the timelined view. ([#&#8203;22627](go-gitea/gitea#22627)) ([#&#8203;22642](go-gitea/gitea#22642))
-   BUGFIXES
    -   Notify on container image create ([#&#8203;22806](go-gitea/gitea#22806)) ([#&#8203;22965](go-gitea/gitea#22965))
    -   Fix blame view missing lines ([#&#8203;22826](go-gitea/gitea#22826)) ([#&#8203;22929](go-gitea/gitea#22929))
    -   Fix incorrect role labels for migrated issues and comments ([#&#8203;22914](go-gitea/gitea#22914)) ([#&#8203;22923](go-gitea/gitea#22923))
    -   Fix PR file tree folders no longer collapsing ([#&#8203;22864](go-gitea/gitea#22864)) ([#&#8203;22872](go-gitea/gitea#22872))
    -   Escape filename when assemble URL ([#&#8203;22850](go-gitea/gitea#22850)) ([#&#8203;22871](go-gitea/gitea#22871))
    -   Fix isAllowed of escapeStreamer ([#&#8203;22814](go-gitea/gitea#22814)) ([#&#8203;22837](go-gitea/gitea#22837))
    -   Load issue before accessing index in merge message ([#&#8203;22822](go-gitea/gitea#22822)) ([#&#8203;22830](go-gitea/gitea#22830))
    -   Improve trace logging for pulls and processes ([#&#8203;22633](go-gitea/gitea#22633)) ([#&#8203;22812](go-gitea/gitea#22812))
    -   Fix restore repo bug, clarify the problem of ForeignIndex ([#&#8203;22776](go-gitea/gitea#22776)) ([#&#8203;22794](go-gitea/gitea#22794))
    -   Add default user visibility to cli command "admin user create" ([#&#8203;22750](go-gitea/gitea#22750)) ([#&#8203;22760](go-gitea/gitea#22760))
    -   Escape path for the file list ([#&#8203;22741](go-gitea/gitea#22741)) ([#&#8203;22757](go-gitea/gitea#22757))
    -   Fix bugs with WebAuthn preventing sign in and registration. ([#&#8203;22651](go-gitea/gitea#22651)) ([#&#8203;22721](go-gitea/gitea#22721))
    -   Add missing close bracket in imagediff ([#&#8203;22710](go-gitea/gitea#22710)) ([#&#8203;22712](go-gitea/gitea#22712))
    -   Move code comments to a standalone file and fix the bug when adding a reply to an outdated review appears to not post([#&#8203;20821](go-gitea/gitea#20821)) ([#&#8203;22707](go-gitea/gitea#22707))
    -   Fix line spacing for plaintext previews ([#&#8203;22699](go-gitea/gitea#22699)) ([#&#8203;22701](go-gitea/gitea#22701))
    -   Fix wrong hint when deleting a branch successfully from pull request UI ([#&#8203;22673](go-gitea/gitea#22673)) ([#&#8203;22698](go-gitea/gitea#22698))
    -   Fix README TOC links ([#&#8203;22577](go-gitea/gitea#22577)) ([#&#8203;22677](go-gitea/gitea#22677))
    -   Fix missing message in git hook when pull requests disabled on fork ([#&#8203;22625](go-gitea/gitea#22625)) ([#&#8203;22658](go-gitea/gitea#22658))
    -   Improve checkIfPRContentChanged ([#&#8203;22611](go-gitea/gitea#22611)) ([#&#8203;22644](go-gitea/gitea#22644))
    -   Prevent duplicate labels when importing more than 99 ([#&#8203;22591](go-gitea/gitea#22591)) ([#&#8203;22598](go-gitea/gitea#22598))
    -   Don't return duplicated users who can create org repo ([#&#8203;22560](go-gitea/gitea#22560)) ([#&#8203;22562](go-gitea/gitea#22562))
-   BUILD
    -   Upgrade golangcilint to v1.51.0 ([#&#8203;22764](go-gitea/gitea#22764))
-   MISC
    -   Use proxy for pull mirror ([#&#8203;22771](go-gitea/gitea#22771)) ([#&#8203;22772](go-gitea/gitea#22772))
    -   Use `--index-url` in PyPi description ([#&#8203;22620](go-gitea/gitea#22620)) ([#&#8203;22636](go-gitea/gitea#22636))

### [`v1.18.3`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1183-httpsgithubcomgo-giteagiteareleasestagv1183---2023-01-23)

[Compare Source](go-gitea/gitea@v1.18.2...v1.18.3)

-   SECURITY
    -   Prevent multiple `To` recipients ([#&#8203;22566](go-gitea/gitea#22566)) ([#&#8203;22569](go-gitea/gitea#22569))
-   BUGFIXES
    -   Truncate commit summary on repo files table. ([#&#8203;22551](go-gitea/gitea#22551)) ([#&#8203;22552](go-gitea/gitea#22552))
    -   Mute all links in issue timeline ([#&#8203;22534](go-gitea/gitea#22534))

### [`v1.18.2`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1182-httpsgithubcomgo-giteagiteareleasestagv1182---2023-01-19)

[Compare Source](go-gitea/gitea@v1.18.1...v1.18.2)

-   BUGFIXES
    -   Fix issue not auto-closing when it includes a reference to a branch ([#&#8203;22514](go-gitea/gitea#22514)) ([#&#8203;22521](go-gitea/gitea#22521))
    -   Fix invalid issue branch reference if not specified in template ([#&#8203;22513](go-gitea/gitea#22513)) ([#&#8203;22520](go-gitea/gitea#22520))
    -   Fix 500 error viewing pull request when fork has pull requests disabled ([#&#8203;22512](go-gitea/gitea#22512)) ([#&#8203;22515](go-gitea/gitea#22515))
    -   Reliable selection of admin user ([#&#8203;22509](go-gitea/gitea#22509)) ([#&#8203;22511](go-gitea/gitea#22511))
    -   Set disable_gravatar/enable_federated_avatar when offline mode is true ([#&#8203;22479](go-gitea/gitea#22479)) ([#&#8203;22496](go-gitea/gitea#22496))
-   BUILD
    -   cgo cross-compile for freebsd ([#&#8203;22397](go-gitea/gitea#22397)) ([#&#8203;22519](go-gitea/gitea#22519))

### [`v1.18.1`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1181-httpsgithubcomgo-giteagiteareleasestagv1181---2023-01-17)

[Compare Source](go-gitea/gitea@v1.18.0...v1.18.1)

-   API
    -   Add `sync_on_commit` option for push mirrors api ([#&#8203;22271](go-gitea/gitea#22271)) ([#&#8203;22292](go-gitea/gitea#22292))
-   BUGFIXES
    -   Update `github.com/zeripath/zapx/v15` ([#&#8203;22485](go-gitea/gitea#22485))
    -   Fix pull request API field `closed_at` always being `null` ([#&#8203;22482](go-gitea/gitea#22482)) ([#&#8203;22483](go-gitea/gitea#22483))
    -   Fix container blob mount ([#&#8203;22226](go-gitea/gitea#22226)) ([#&#8203;22476](go-gitea/gitea#22476))
    -   Fix error when calculating repository size ([#&#8203;22392](go-gitea/gitea#22392)) ([#&#8203;22474](go-gitea/gitea#22474))
    -   Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS ([#&#8203;22454](go-gitea/gitea#22454)) ([#&#8203;22472](go-gitea/gitea#22472))
    -   Fix environments for KaTeX and error reporting ([#&#8203;22453](go-gitea/gitea#22453)) ([#&#8203;22473](go-gitea/gitea#22473))
    -   Remove the netgo tag for Windows build ([#&#8203;22467](go-gitea/gitea#22467)) ([#&#8203;22468](go-gitea/gitea#22468))
    -   Fix migration from GitBucket ([#&#8203;22477](go-gitea/gitea#22477)) ([#&#8203;22465](go-gitea/gitea#22465))
    -   Prevent panic on looking at api "git" endpoints for empty repos ([#&#8203;22457](go-gitea/gitea#22457)) ([#&#8203;22458](go-gitea/gitea#22458))
    -   Fix PR status layout on mobile ([#&#8203;21547](go-gitea/gitea#21547)) ([#&#8203;22441](go-gitea/gitea#22441))
    -   Fix wechatwork webhook sends empty content in PR review ([#&#8203;21762](go-gitea/gitea#21762)) ([#&#8203;22440](go-gitea/gitea#22440))
    -   Remove duplicate "Actions" label in mobile view ([#&#8203;21974](go-gitea/gitea#21974)) ([#&#8203;22439](go-gitea/gitea#22439))
    -   Fix leaving organization bug on user settings -> orgs ([#&#8203;21983](go-gitea/gitea#21983)) ([#&#8203;22438](go-gitea/gitea#22438))
    -   Fixed colour transparency regex matching in project board sorting ([#&#8203;22092](go-gitea/gitea#22092)) ([#&#8203;22437](go-gitea/gitea#22437))
    -   Correctly handle select on multiple channels in Queues ([#&#8203;22146](go-gitea/gitea#22146)) ([#&#8203;22428](go-gitea/gitea#22428))
    -   Prepend refs/heads/ to issue template refs ([#&#8203;20461](go-gitea/gitea#20461)) ([#&#8203;22427](go-gitea/gitea#22427))
    -   Restore function to "Show more" buttons ([#&#8203;22399](go-gitea/gitea#22399)) ([#&#8203;22426](go-gitea/gitea#22426))
    -   Continue GCing other repos on error in one repo ([#&#8203;22422](go-gitea/gitea#22422)) ([#&#8203;22425](go-gitea/gitea#22425))
    -   Allow HOST has no port ([#&#8203;22280](go-gitea/gitea#22280)) ([#&#8203;22409](go-gitea/gitea#22409))
    -   Fix omit avatar_url in discord payload when empty ([#&#8203;22393](go-gitea/gitea#22393)) ([#&#8203;22394](go-gitea/gitea#22394))
    -   Don't display stop watch top bar icon when disabled and hidden when click other place ([#&#8203;22374](go-gitea/gitea#22374)) ([#&#8203;22387](go-gitea/gitea#22387))
    -   Don't lookup mail server when using sendmail ([#&#8203;22300](go-gitea/gitea#22300)) ([#&#8203;22383](go-gitea/gitea#22383))
    -   Fix gravatar disable bug ([#&#8203;22337](go-gitea/gitea#22337))
    -   Fix update settings table on install ([#&#8203;22326](go-gitea/gitea#22326)) ([#&#8203;22327](go-gitea/gitea#22327))
    -   Fix sitemap ([#&#8203;22272](go-gitea/gitea#22272)) ([#&#8203;22320](go-gitea/gitea#22320))
    -   Fix code search title translation ([#&#8203;22285](go-gitea/gitea#22285)) ([#&#8203;22316](go-gitea/gitea#22316))
    -   Fix due date rendering the wrong date in issue ([#&#8203;22302](go-gitea/gitea#22302)) ([#&#8203;22306](go-gitea/gitea#22306))
    -   Fix get system setting bug when enabled redis cache ([#&#8203;22298](go-gitea/gitea#22298))
    -   Fix bug of DisableGravatar default value ([#&#8203;22297](go-gitea/gitea#22297))
    -   Fix key signature error page ([#&#8203;22229](go-gitea/gitea#22229)) ([#&#8203;22230](go-gitea/gitea#22230))
-   TESTING
    -   Remove test session cache to reduce possible concurrent problem ([#&#8203;22199](go-gitea/gitea#22199)) ([#&#8203;22429](go-gitea/gitea#22429))
-   MISC
    -   Restore previous official review when an official review is deleted ([#&#8203;22449](go-gitea/gitea#22449)) ([#&#8203;22460](go-gitea/gitea#22460))
    -   Log STDERR of external renderer when it fails ([#&#8203;22442](go-gitea/gitea#22442)) ([#&#8203;22444](go-gitea/gitea#22444))

### [`v1.18.0`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1180-httpsgithubcomgo-giteagiteareleasestagv1180---2022-12-29)

[Compare Source](go-gitea/gitea@v1.17.4...v1.18.0)

-   SECURITY
    -   Remove ReverseProxy authentication from the API ([#&#8203;22219](go-gitea/gitea#22219)) ([#&#8203;22251](go-gitea/gitea#22251))
    -   Support Go Vulnerability Management ([#&#8203;21139](go-gitea/gitea#21139))
    -   Forbid HTML string tooltips ([#&#8203;20935](go-gitea/gitea#20935))
-   BREAKING
    -   Rework mailer settings ([#&#8203;18982](go-gitea/gitea#18982))
    -   Remove U2F support ([#&#8203;20141](go-gitea/gitea#20141))
    -   Refactor `i18n` to `locale` ([#&#8203;20153](go-gitea/gitea#20153))
    -   Enable contenthash in filename for dynamic assets ([#&#8203;20813](go-gitea/gitea#20813))
-   FEATURES
    -   Add color previews in markdown ([#&#8203;21474](go-gitea/gitea#21474))
    -   Allow package version sorting ([#&#8203;21453](go-gitea/gitea#21453))
    -   Add support for Chocolatey/NuGet v2 API ([#&#8203;21393](go-gitea/gitea#21393))
    -   Add API endpoint to get changed files of a PR ([#&#8203;21177](go-gitea/gitea#21177))
    -   Add filetree on left of diff view ([#&#8203;21012](go-gitea/gitea#21012))
    -   Support Issue forms and PR forms ([#&#8203;20987](go-gitea/gitea#20987))
    -   Add support for Vagrant packages ([#&#8203;20930](go-gitea/gitea#20930))
    -   Add support for `npm unpublish` ([#&#8203;20688](go-gitea/gitea#20688))
    -   Add badge capabilities to users ([#&#8203;20607](go-gitea/gitea#20607))
    -   Add issue filter for Author ([#&#8203;20578](go-gitea/gitea#20578))
    -   Add KaTeX rendering to Markdown. ([#&#8203;20571](go-gitea/gitea#20571))
    -   Add support for Pub packages ([#&#8203;20560](go-gitea/gitea#20560))
    -   Support localized README ([#&#8203;20508](go-gitea/gitea#20508))
    -   Add support mCaptcha as captcha provider ([#&#8203;20458](go-gitea/gitea#20458))
    -   Add team member invite by email ([#&#8203;20307](go-gitea/gitea#20307))
    -   Added email notification option to receive all own messages ([#&#8203;20179](go-gitea/gitea#20179))
    -   Switch Unicode Escaping to a VSCode-like system ([#&#8203;19990](go-gitea/gitea#19990))
    -   Add user/organization code search ([#&#8203;19977](go-gitea/gitea#19977))
    -   Only show relevant repositories on explore page ([#&#8203;19361](go-gitea/gitea#19361))
    -   User keypairs and HTTP signatures for ActivityPub federation using go-ap ([#&#8203;19133](go-gitea/gitea#19133))
    -   Add sitemap support ([#&#8203;18407](go-gitea/gitea#18407))
    -   Allow creation of OAuth2 applications for orgs ([#&#8203;18084](go-gitea/gitea#18084))
    -   Add system setting table with cache and also add cache supports for user setting ([#&#8203;18058](go-gitea/gitea#18058))
    -   Add pages to view watched repos and subscribed issues/PRs ([#&#8203;17156](go-gitea/gitea#17156))
    -   Support Proxy protocol ([#&#8203;12527](go-gitea/gitea#12527))
    -   Implement sync push mirror on commit ([#&#8203;19411](go-gitea/gitea#19411))
-   API
    -   Allow empty assignees on pull request edit ([#&#8203;22150](go-gitea/gitea#22150)) ([#&#8203;22214](go-gitea/gitea#22214))
    -   Make external issue tracker regexp configurable via API ([#&#8203;21338](go-gitea/gitea#21338))
    -   Add name field for org api ([#&#8203;21270](go-gitea/gitea#21270))
    -   Show teams with no members if user is admin ([#&#8203;21204](go-gitea/gitea#21204))
    -   Add latest commit's SHA to content response ([#&#8203;20398](go-gitea/gitea#20398))
    -   Add allow_rebase_update, default_delete_branch_after_merge to repository api response ([#&#8203;20079](go-gitea/gitea#20079))
    -   Add new endpoints for push mirrors management ([#&#8203;19841](go-gitea/gitea#19841))
-   ENHANCEMENTS
    -   Add setting to disable the git apply step in test patch ([#&#8203;22130](go-gitea/gitea#22130)) ([#&#8203;22170](go-gitea/gitea#22170))
    -   Multiple improvements for comment edit diff ([#&#8203;21990](go-gitea/gitea#21990)) ([#&#8203;22007](go-gitea/gitea#22007))
    -   Fix button in branch list, avoid unexpected page jump before restore branch actually done ([#&#8203;21562](go-gitea/gitea#21562)) ([#&#8203;21928](go-gitea/gitea#21928))
    -   Fix flex layout for repo list icons ([#&#8203;21896](go-gitea/gitea#21896)) ([#&#8203;21920](go-gitea/gitea#21920))
    -   Fix vertical align of committer avatar rendered by email address ([#&#8203;21884](go-gitea/gitea#21884)) ([#&#8203;21918](go-gitea/gitea#21918))
    -   Fix setting HTTP headers after write ([#&#8203;21833](go-gitea/gitea#21833)) ([#&#8203;21877](go-gitea/gitea#21877))
    -   Color and Style enhancements ([#&#8203;21784](go-gitea/gitea#21784), [#&#8203;21799](go-gitea/gitea#21799)) ([#&#8203;21868](go-gitea/gitea#21868))
    -   Ignore line anchor links with leading zeroes ([#&#8203;21728](go-gitea/gitea#21728)) ([#&#8203;21776](go-gitea/gitea#21776))
    -   Quick fixes monaco-editor error: "vs.editor.nullLanguage" ([#&#8203;21734](go-gitea/gitea#21734)) ([#&#8203;21738](go-gitea/gitea#21738))
    -   Use CSS color-scheme instead of invert ([#&#8203;21616](go-gitea/gitea#21616)) ([#&#8203;21623](go-gitea/gitea#21623))
    -   Respect user's locale when rendering the date range in the repo activity page ([#&#8203;21410](go-gitea/gitea#21410))
    -   Change `commits-table` column width ([#&#8203;21564](go-gitea/gitea#21564))
    -   Refactor git command arguments and make all arguments to be safe to be used ([#&#8203;21535](go-gitea/gitea#21535))
    -   CSS color enhancements ([#&#8203;21534](go-gitea/gitea#21534))
    -   Add link to user profile in markdown mention only if user exists ([#&#8203;21533](go-gitea/gitea#21533), [#&#8203;21554](go-gitea/gitea#21554))
    -   Add option to skip index dirs ([#&#8203;21501](go-gitea/gitea#21501))
    -   Diff file tree tweaks ([#&#8203;21446](go-gitea/gitea#21446))
    -   Localize all timestamps ([#&#8203;21440](go-gitea/gitea#21440))
    -   Add `code` highlighting in issue titles ([#&#8203;21432](go-gitea/gitea#21432))
    -   Use Name instead of DisplayName in LFS Lock ([#&#8203;21415](go-gitea/gitea#21415))
    -   Consolidate more CSS colors into variables ([#&#8203;21402](go-gitea/gitea#21402))
    -   Redirect to new repository owner ([#&#8203;21398](go-gitea/gitea#21398))
    -   Use ISO date format instead of hard-coded English date format for date range in repo activity page ([#&#8203;21396](go-gitea/gitea#21396))
    -   Use weighted algorithm for string matching when finding files in repo ([#&#8203;21370](go-gitea/gitea#21370))
    -   Show private data in feeds ([#&#8203;21369](go-gitea/gitea#21369))
    -   Refactor parseTreeEntries, speed up tree list ([#&#8203;21368](go-gitea/gitea#21368))
    -   Add GET and DELETE endpoints for Docker blob uploads ([#&#8203;21367](go-gitea/gitea#21367))
    -   Add nicer error handling on template compile errors ([#&#8203;21350](go-gitea/gitea#21350))
    -   Add `stat` to `ToCommit` function for speed ([#&#8203;21337](go-gitea/gitea#21337))
    -   Support instance-wide OAuth2 applications ([#&#8203;21335](go-gitea/gitea#21335))
    -   Record OAuth client type at registration ([#&#8203;21316](go-gitea/gitea#21316))
    -   Add new CSS variables --color-accent and --color-small-accent ([#&#8203;21305](go-gitea/gitea#21305))
    -   Improve error descriptions for unauthorized_client ([#&#8203;21292](go-gitea/gitea#21292))
    -   Case-insensitive "find files in repo" ([#&#8203;21269](go-gitea/gitea#21269))
    -   Consolidate more CSS rules, fix inline code on arc-green ([#&#8203;21260](go-gitea/gitea#21260))
    -   Log real ip of requests from ssh ([#&#8203;21216](go-gitea/gitea#21216))
    -   Save files in local storage as group readable ([#&#8203;21198](go-gitea/gitea#21198))
    -   Enable fluid page layout on medium size viewports ([#&#8203;21178](go-gitea/gitea#21178))
    -   File header tweaks ([#&#8203;21175](go-gitea/gitea#21175))
    -   Added missing headers on user packages page ([#&#8203;21172](go-gitea/gitea#21172))
    -   Display image digest for container packages ([#&#8203;21170](go-gitea/gitea#21170))
    -   Skip dirty check for team forms ([#&#8203;21154](go-gitea/gitea#21154))
    -   Keep path when creating a new branch ([#&#8203;21153](go-gitea/gitea#21153))
    -   Remove fomantic image module ([#&#8203;21145](go-gitea/gitea#21145))
    -   Make labels clickable in the comments section. ([#&#8203;21137](go-gitea/gitea#21137))
    -   Sort branches and tags by date descending ([#&#8203;21136](go-gitea/gitea#21136))
    -   Better repo API unit checks ([#&#8203;21130](go-gitea/gitea#21130))
    -   Improve commit status icons ([#&#8203;21124](go-gitea/gitea#21124))
    -   Limit length of repo description and repo url input fields ([#&#8203;21119](go-gitea/gitea#21119))
    -   Show .editorconfig errors in frontend ([#&#8203;21088](go-gitea/gitea#21088))
    -   Allow poster to choose reviewers ([#&#8203;21084](go-gitea/gitea#21084))
    -   Remove black labels and CSS cleanup ([#&#8203;21003](go-gitea/gitea#21003))
    -   Make e-mail sanity check more precise ([#&#8203;20991](go-gitea/gitea#20991))
    -   Use native inputs in whitespace dropdown ([#&#8203;20980](go-gitea/gitea#20980))
    -   Enhance package date display ([#&#8203;20928](go-gitea/gitea#20928))
    -   Display total blob size of a package version ([#&#8203;20927](go-gitea/gitea#20927))
    -   Show language name on hover ([#&#8203;20923](go-gitea/gitea#20923))
    -   Show instructions for all generic package files ([#&#8203;20917](go-gitea/gitea#20917))
    -   Refactor AssertExistsAndLoadBean to use generics ([#&#8203;20797](go-gitea/gitea#20797))
    -   Move the official website link at the footer of gitea ([#&#8203;20777](go-gitea/gitea#20777))
    -   Add support for full name in reverse proxy auth ([#&#8203;20776](go-gitea/gitea#20776))
    -   Remove useless JS operation for relative time tooltips ([#&#8203;20756](go-gitea/gitea#20756))
    -   Replace some icons with SVG ([#&#8203;20741](go-gitea/gitea#20741))
    -   Change commit status icons to SVG ([#&#8203;20736](go-gitea/gitea#20736))
    -   Improve single repo action for issue and pull requests ([#&#8203;20730](go-gitea/gitea#20730))
    -   Allow multiple files in generic packages ([#&#8203;20661](go-gitea/gitea#20661))
    -   Add option to create new issue from /issues page ([#&#8203;20650](go-gitea/gitea#20650))
    -   Background color of private list-items updated ([#&#8203;20630](go-gitea/gitea#20630))
    -   Added search input field to issue filter ([#&#8203;20623](go-gitea/gitea#20623))
    -   Increase default item listing size `ISSUE_PAGING_NUM` to 20 ([#&#8203;20547](go-gitea/gitea#20547))
    -   Modify milestone search keywords to be case insensitive again ([#&#8203;20513](go-gitea/gitea#20513))
    -   Show hint to link package to repo when viewing empty repo package list ([#&#8203;20504](go-gitea/gitea#20504))
    -   Add Tar ZSTD support ([#&#8203;20493](go-gitea/gitea#20493))
    -   Make code review checkboxes clickable ([#&#8203;20481](go-gitea/gitea#20481))
    -   Add "X-Gitea-Object-Type" header for GET `/raw/` & `/media/` API ([#&#8203;20438](go-gitea/gitea#20438))
    -   Display project in issue list ([#&#8203;20434](go-gitea/gitea#20434))
    -   Prepend commit message to template content when opening a new PR ([#&#8203;20429](go-gitea/gitea#20429))
    -   Replace fomantic popup module with tippy.js ([#&#8203;20428](go-gitea/gitea#20428))
    -   Allow to specify colors for text in markup ([#&#8203;20363](go-gitea/gitea#20363))
    -   Allow access to the Public Organization Member lists with minimal permissions ([#&#8203;20330](go-gitea/gitea#20330))
    -   Use default values when provided values are empty ([#&#8203;20318](go-gitea/gitea#20318))
    -   Vertical align navbar avatar at middle ([#&#8203;20302](go-gitea/gitea#20302))
    -   Delete cancel button in repo creation page ([#&#8203;21381](go-gitea/gitea#21381))
    -   Include login_name in adminCreateUser response ([#&#8203;20283](go-gitea/gitea#20283))
    -   fix: icon margin in user/settings/repos ([#&#8203;20281](go-gitea/gitea#20281))
    -   Remove blue text on migrate page ([#&#8203;20273](go-gitea/gitea#20273))
    -   Modify milestone search keywords to be case insensitive ([#&#8203;20266](go-gitea/gitea#20266))
    -   Move some files into models' sub packages ([#&#8203;20262](go-gitea/gitea#20262))
    -   Add tooltip to repo icons in explore page ([#&#8203;20241](go-gitea/gitea#20241))
    -   Remove deprecated licenses ([#&#8203;20222](go-gitea/gitea#20222))
    -   Webhook for Wiki changes ([#&#8203;20219](go-gitea/gitea#20219))
    -   Share HTML template renderers and create a watcher framework ([#&#8203;20218](go-gitea/gitea#20218))
    -   Allow enable LDAP source and disable user sync via CLI ([#&#8203;20206](go-gitea/gitea#20206))
    -   Adds a checkbox to select all issues/PRs ([#&#8203;20177](go-gitea/gitea#20177))
    -   Refactor `i18n` to `locale` ([#&#8203;20153](go-gitea/gitea#20153))
    -   Disable status checks in template if none found ([#&#8203;20088](go-gitea/gitea#20088))
    -   Allow manager logging to set SQL ([#&#8203;20064](go-gitea/gitea#20064))
    -   Add order by for assignee no sort issue ([#&#8203;20053](go-gitea/gitea#20053))
    -   Take a stab at porting existing components to Vue3 ([#&#8203;20044](go-gitea/gitea#20044))
    -   Add doctor command to write commit-graphs ([#&#8203;20007](go-gitea/gitea#20007))
    -   Add support for authentication based on reverse proxy email ([#&#8203;19949](go-gitea/gitea#19949))
    -   Enable spellcheck for EasyMDE, use contenteditable mode ([#&#8203;19776](go-gitea/gitea#19776))
    -   Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI ([#&#8203;19663](go-gitea/gitea#19663))
    -   Rework mailer settings ([#&#8203;18982](go-gitea/gitea#18982))
    -   Add option to purge users ([#&#8203;18064](go-gitea/gitea#18064))
    -   Add author search input ([#&#8203;21246](go-gitea/gitea#21246))
    -   Make rss/atom identifier globally unique ([#&#8203;21550](go-gitea/gitea#21550))
-   BUGFIXES
    -   Auth interface return error when verify failure ([#&#8203;22119](go-gitea/gitea#22119)) ([#&#8203;22259](go-gitea/gitea#22259))
    -   Use complete SHA to create and query commit status ([#&#8203;22244](go-gitea/gitea#22244)) ([#&#8203;22257](go-gitea/gitea#22257))
    -   Update bleve and zapx to fix unaligned atomic ([#&#8203;22031](go-gitea/gitea#22031)) ([#&#8203;22218](go-gitea/gitea#22218))
    -   Prevent panic in doctor command when running default checks ([#&#8203;21791](go-gitea/gitea#21791)) ([#&#8203;21807](go-gitea/gitea#21807))
    -   Load GitRepo in API before deleting issue ([#&#8203;21720](go-gitea/gitea#21720)) ([#&#8203;21796](go-gitea/gitea#21796))
    -   Ignore line anchor links with leading zeroes ([#&#8203;21728](go-gitea/gitea#21728)) ([#&#8203;21776](go-gitea/gitea#21776))
    -   Set last login when activating account ([#&#8203;21731](go-gitea/gitea#21731)) ([#&#8203;21755](go-gitea/gitea#21755))
    -   Fix UI language switching bug ([#&#8203;21597](go-gitea/gitea#21597)) ([#&#8203;21749](go-gitea/gitea#21749))
    -   Quick fixes monaco-editor error: "vs.editor.nullLanguage" ([#&#8203;21734](go-gitea/gitea#21734)) ([#&#8203;21738](go-gitea/gitea#21738))
    -   Allow local package identifiers for PyPI packages ([#&#8203;21690](go-gitea/gitea#21690)) ([#&#8203;21727](go-gitea/gitea#21727))
    -   Deal with markdown template without metadata ([#&#8203;21639](go-gitea/gitea#21639)) ([#&#8203;21654](go-gitea/gitea#21654))
    -   Fix opaque background on mermaid diagrams ([#&#8203;21642](go-gitea/gitea#21642)) ([#&#8203;21652](go-gitea/gitea#21652))
    -   Fix repository adoption on Windows ([#&#8203;21646](go-gitea/gitea#21646)) ([#&#8203;21650](go-gitea/gitea#21650))
    -   Sync git hooks when config file path changed ([#&#8203;21619](go-gitea/gitea#21619)) ([#&#8203;21626](go-gitea/gitea#21626))
    -   Fix 500 on PR files API ([#&#8203;21602](go-gitea/gitea#21602)) ([#&#8203;21607](go-gitea/gitea#21607))
    -   Fix `Timestamp.IsZero` ([#&#8203;21593](go-gitea/gitea#21593)) ([#&#8203;21603](go-gitea/gitea#21603))
    -   Fix viewing user subscriptions ([#&#8203;21482](go-gitea/gitea#21482))
    -   Fix mermaid-related bugs ([#&#8203;21431](go-gitea/gitea#21431))
    -   Fix branch dropdown shifting on page load ([#&#8203;21428](go-gitea/gitea#21428))
    -   Fix default theme-auto selector when nologin ([#&#8203;21346](go-gitea/gitea#21346))
    -   Fix and improve incorrect error messages ([#&#8203;21342](go-gitea/gitea#21342))
    -   Fix formatted link for PR review notifications to matrix ([#&#8203;21319](go-gitea/gitea#21319))
    -   Center-aligning content of WebAuthN page ([#&#8203;21127](go-gitea/gitea#21127))
    -   Remove follow from commits by file ([#&#8203;20765](go-gitea/gitea#20765))
    -   Fix commit status popup ([#&#8203;20737](go-gitea/gitea#20737))
    -   Fix init mail render logic ([#&#8203;20704](go-gitea/gitea#20704))
    -   Use correct page size for link header pagination ([#&#8203;20546](go-gitea/gitea#20546))
    -   Preserve unix socket file ([#&#8203;20499](go-gitea/gitea#20499))
    -   Use tippy.js for context popup ([#&#8203;20393](go-gitea/gitea#20393))
    -   Add missing parameter for error in log message ([#&#8203;20144](go-gitea/gitea#20144))
    -   Do not allow organisation owners add themselves as collaborator ([#&#8203;20043](go-gitea/gitea#20043))
    -   Rework file highlight rendering and fix yaml copy-paste ([#&#8203;19967](go-gitea/gitea#19967))
    -   Improve code diff highlight, fix incorrect rendered diff result ([#&#8203;19958](go-gitea/gitea#19958))
-   TESTING
    -   Improve OAuth integration tests ([#&#8203;21390](go-gitea/gitea#21390))
    -   Add playwright tests ([#&#8203;20123](go-gitea/gitea#20123))
-   BUILD
    -   Switch to building with go1.19 ([#&#8203;20695](go-gitea/gitea#20695))
    -   Update JS dependencies, adjust eslint ([#&#8203;20659](go-gitea/gitea#20659))
    -   Add more linters to improve code readability ([#&#8203;19989](go-gitea/gitea#19989))

### [`v1.17.4`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1174-httpsgithubcomgo-giteagiteareleasestagv1174---2022-12-21)

[Compare Source](go-gitea/gitea@v1.17.3...v1.17.4)

-   SECURITY
    -   Do not allow Ghost access to limited visible user/org ([#&#8203;21849](go-gitea/gitea#21849)) ([#&#8203;21875](go-gitea/gitea#21875))
    -   Fix package access for admins and inactive users ([#&#8203;21580](go-gitea/gitea#21580)) ([#&#8203;21592](go-gitea/gitea#21592))
-   ENHANCEMENTS
    -   Fix button in branch list, avoid unexpected page jump before restore branch actually done ([#&#8203;21562](go-gitea/gitea#21562)) ([#&#8203;21927](go-gitea/gitea#21927))
    -   Fix vertical align of committer avatar rendered by email address ([#&#8203;21884](go-gitea/gitea#21884)) ([#&#8203;21919](go-gitea/gitea#21919))
    -   Fix setting HTTP headers after write ([#&#8203;21833](go-gitea/gitea#21833)) ([#&#8203;21874](go-gitea/gitea#21874))
    -   Ignore line anchor links with leading zeroes ([#&#8203;21728](go-gitea/gitea#21728)) ([#&#8203;21777](go-gitea/gitea#21777))
    -   Enable Monaco automaticLayout ([#&#8203;21516](go-gitea/gitea#21516))
-   BUGFIXES
    -   Do not list active repositories as unadopted ([#&#8203;22034](go-gitea/gitea#22034)) ([#&#8203;22167](go-gitea/gitea#22167))
    -   Correctly handle moved files in apply patch ([#&#8203;22118](go-gitea/gitea#22118)) ([#&#8203;22136](go-gitea/gitea#22136))
    -   Fix condition for is_internal ([#&#8203;22095](go-gitea/gitea#22095)) ([#&#8203;22131](go-gitea/gitea#22131))
    -   Fix permission check on issue/pull lock ([#&#8203;22114](go-gitea/gitea#22114))
    -   Fix sorting admin user list by last login ([#&#8203;22081](go-gitea/gitea#22081)) ([#&#8203;22106](go-gitea/gitea#22106))
    -   Workaround for container registry push/pull errors ([#&#8203;21862](go-gitea/gitea#21862)) ([#&#8203;22069](go-gitea/gitea#22069))
    -   Fix issue/PR numbers ([#&#8203;22037](go-gitea/gitea#22037)) ([#&#8203;22045](go-gitea/gitea#22045))
    -   Handle empty author names ([#&#8203;21902](go-gitea/gitea#21902)) ([#&#8203;22028](go-gitea/gitea#22028))
    -   Fix ListBranches to handle empty case ([#&#8203;21921](go-gitea/gitea#21921)) ([#&#8203;22025](go-gitea/gitea#22025))
    -   Fix enabling partial clones on 1.17 ([#&#8203;21809](go-gitea/gitea#21809))
    -   Prevent panic in doctor command when running default checks ([#&#8203;21791](go-gitea/gitea#21791)) ([#&#8203;21808](go-gitea/gitea#21808))
    -   Upgrade golang.org/x/crypto ([#&#8203;21792](go-gitea/gitea#21792)) ([#&#8203;21794](go-gitea/gitea#21794))
    -   Init git module before database migration ([#&#8203;21764](go-gitea/gitea#21764)) ([#&#8203;21766](go-gitea/gitea#21766))
    -   Set last login when activating account ([#&#8203;21731](go-gitea/gitea#21731)) ([#&#8203;21754](go-gitea/gitea#21754))
    -   Add HEAD fix to gitea doctor ([#&#8203;21352](go-gitea/gitea#21352)) ([#&#8203;21751](go-gitea/gitea#21751))
    -   Fix UI language switching bug ([#&#8203;21597](go-gitea/gitea#21597)) ([#&#8203;21748](go-gitea/gitea#21748))
    -   Remove semver compatible flag and change pypi to an array of test cases ([#&#8203;21708](go-gitea/gitea#21708)) ([#&#8203;21729](go-gitea/gitea#21729))
    -   Allow local package identifiers for PyPI packages ([#&#8203;21690](go-gitea/gitea#21690)) ([#&#8203;21726](go-gitea/gitea#21726))
    -   Fix repository adoption on Windows ([#&#8203;21646](go-gitea/gitea#21646)) ([#&#8203;21651](go-gitea/gitea#21651))
    -   Sync git hooks when config file path changed ([#&#8203;21619](go-gitea/gitea#21619)) ([#&#8203;21625](go-gitea/gitea#21625))
    -   Added check for disabled Packages ([#&#8203;21540](go-gitea/gitea#21540)) ([#&#8203;21614](go-gitea/gitea#21614))
    -   Fix `Timestamp.IsZero` ([#&#8203;21593](go-gitea/gitea#21593)) ([#&#8203;21604](go-gitea/gitea#21604))
    -   Fix issues count bug ([#&#8203;21600](go-gitea/gitea#21600))
    -   Support binary deploy in npm packages ([#&#8203;21589](go-gitea/gitea#21589))
    -   Update milestone counters when issue is deleted ([#&#8203;21459](go-gitea/gitea#21459)) ([#&#8203;21586](go-gitea/gitea#21586))
    -   SessionUser protection against nil pointer dereference ([#&#8203;21581](go-gitea/gitea#21581))
    -   Case-insensitive NuGet symbol file GUID ([#&#8203;21409](go-gitea/gitea#21409)) ([#&#8203;21575](go-gitea/gitea#21575))
    -   Suppress `ExternalLoginUserNotExist` error ([#&#8203;21504](go-gitea/gitea#21504)) ([#&#8203;21572](go-gitea/gitea#21572))
    -   Prevent Authorization header for presigned LFS urls ([#&#8203;21531](go-gitea/gitea#21531)) ([#&#8203;21569](go-gitea/gitea#21569))
    -   Update binding to fix bugs ([#&#8203;21560](go-gitea/gitea#21560))
    -   Fix generating compare link ([#&#8203;21519](go-gitea/gitea#21519)) ([#&#8203;21530](go-gitea/gitea#21530))
    -   Ignore error when retrieving changed PR review files ([#&#8203;21487](go-gitea/gitea#21487)) ([#&#8203;21524](go-gitea/gitea#21524))
    -   Fix incorrect notification commit url ([#&#8203;21479](go-gitea/gitea#21479)) ([#&#8203;21483](go-gitea/gitea#21483))
    -   Display total commit count in hook message ([#&#8203;21400](go-gitea/gitea#21400)) ([#&#8203;21481](go-gitea/gitea#21481))
    -   Enforce grouped NuGet search results ([#&#8203;21442](go-gitea/gitea#21442)) ([#&#8203;21480](go-gitea/gitea#21480))
    -   Return 404 when user is not found on avatar ([#&#8203;21476](go-gitea/gitea#21476)) ([#&#8203;21477](go-gitea/gitea#21477))
    -   Normalize NuGet package version on upload ([#&#8203;22186](go-gitea/gitea#22186)) ([#&#8203;22201](go-gitea/gitea#22201))
-   MISC
    -   Check for zero time instant in TimeStamp.IsZero() ([#&#8203;22171](go-gitea/gitea#22171)) ([#&#8203;22173](go-gitea/gitea#22173))
    -   Fix warn in database structs sync ([#&#8203;22111](go-gitea/gitea#22111))
    -   Allow for resolution of NPM registry paths that match upstream ([#&#8203;21568](go-gitea/gitea#21568)) ([#&#8203;21723](go-gitea/gitea#21723))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTIuMiIsInVwZGF0ZWRJblZlciI6IjM0LjE1Mi4yIn0=-->

Co-authored-by: Michael Wittig <michael.wittig@posteo.de>
Reviewed-on: https://gitea.sh4ke.rocks/sh4ke/k8s-projects/pulls/85
Sh4kE added a commit to Sh4kE/k8s-projects that referenced this pull request Feb 28, 2023
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [gitea/gitea](https://github.com/go-gitea/gitea) | minor | `1.17.3-rootless` -> `1.18.5-rootless` |

---

### Release Notes

<details>
<summary>go-gitea/gitea</summary>

### [`v1.18.5`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1185-httpsgithubcomgo-giteagiteareleasestagv1185---2023-02-21)

[Compare Source](go-gitea/gitea@v1.18.4...v1.18.5)

-   ENHANCEMENTS
    -   Hide 2FA status from other members in organization members list ([#&#8203;22999](go-gitea/gitea#22999)) ([#&#8203;23023](go-gitea/gitea#23023))
-   BUGFIXES
    -   Add force_merge to merge request and fix checking mergable ([#&#8203;23010](go-gitea/gitea#23010)) ([#&#8203;23032](go-gitea/gitea#23032))
    -   Use `--message=%s` for git commit message ([#&#8203;23028](go-gitea/gitea#23028)) ([#&#8203;23029](go-gitea/gitea#23029))
    -   Render access log template as text instead of HTML ([#&#8203;23013](go-gitea/gitea#23013)) ([#&#8203;23025](go-gitea/gitea#23025))
    -   Fix the Manually Merged form ([#&#8203;23015](go-gitea/gitea#23015)) ([#&#8203;23017](go-gitea/gitea#23017))
    -   Use beforeCommit instead of baseCommit ([#&#8203;22949](go-gitea/gitea#22949)) ([#&#8203;22996](go-gitea/gitea#22996))
    -   Display attachments of review comment when comment content is blank ([#&#8203;23035](go-gitea/gitea#23035)) ([#&#8203;23046](go-gitea/gitea#23046))
    -   Return empty url for submodule tree entries ([#&#8203;23043](go-gitea/gitea#23043)) ([#&#8203;23048](go-gitea/gitea#23048))

### [`v1.18.4`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1184-httpsgithubcomgo-giteagiteareleasestag1184---2023-02-20)

[Compare Source](go-gitea/gitea@v1.18.3...v1.18.4)

-   SECURITY
    -   Provide the ability to set password hash algorithm parameters ([#&#8203;22942](go-gitea/gitea#22942)) ([#&#8203;22943](go-gitea/gitea#22943))
    -   Add command to bulk set must-change-password ([#&#8203;22823](go-gitea/gitea#22823)) ([#&#8203;22928](go-gitea/gitea#22928))
-   ENHANCEMENTS
    -   Use import of OCI structs ([#&#8203;22765](go-gitea/gitea#22765)) ([#&#8203;22805](go-gitea/gitea#22805))
    -   Fix color of tertiary button on dark theme ([#&#8203;22739](go-gitea/gitea#22739)) ([#&#8203;22744](go-gitea/gitea#22744))
    -   Link issue and pull requests status change in UI notifications directly to their event in the timelined view. ([#&#8203;22627](go-gitea/gitea#22627)) ([#&#8203;22642](go-gitea/gitea#22642))
-   BUGFIXES
    -   Notify on container image create ([#&#8203;22806](go-gitea/gitea#22806)) ([#&#8203;22965](go-gitea/gitea#22965))
    -   Fix blame view missing lines ([#&#8203;22826](go-gitea/gitea#22826)) ([#&#8203;22929](go-gitea/gitea#22929))
    -   Fix incorrect role labels for migrated issues and comments ([#&#8203;22914](go-gitea/gitea#22914)) ([#&#8203;22923](go-gitea/gitea#22923))
    -   Fix PR file tree folders no longer collapsing ([#&#8203;22864](go-gitea/gitea#22864)) ([#&#8203;22872](go-gitea/gitea#22872))
    -   Escape filename when assemble URL ([#&#8203;22850](go-gitea/gitea#22850)) ([#&#8203;22871](go-gitea/gitea#22871))
    -   Fix isAllowed of escapeStreamer ([#&#8203;22814](go-gitea/gitea#22814)) ([#&#8203;22837](go-gitea/gitea#22837))
    -   Load issue before accessing index in merge message ([#&#8203;22822](go-gitea/gitea#22822)) ([#&#8203;22830](go-gitea/gitea#22830))
    -   Improve trace logging for pulls and processes ([#&#8203;22633](go-gitea/gitea#22633)) ([#&#8203;22812](go-gitea/gitea#22812))
    -   Fix restore repo bug, clarify the problem of ForeignIndex ([#&#8203;22776](go-gitea/gitea#22776)) ([#&#8203;22794](go-gitea/gitea#22794))
    -   Add default user visibility to cli command "admin user create" ([#&#8203;22750](go-gitea/gitea#22750)) ([#&#8203;22760](go-gitea/gitea#22760))
    -   Escape path for the file list ([#&#8203;22741](go-gitea/gitea#22741)) ([#&#8203;22757](go-gitea/gitea#22757))
    -   Fix bugs with WebAuthn preventing sign in and registration. ([#&#8203;22651](go-gitea/gitea#22651)) ([#&#8203;22721](go-gitea/gitea#22721))
    -   Add missing close bracket in imagediff ([#&#8203;22710](go-gitea/gitea#22710)) ([#&#8203;22712](go-gitea/gitea#22712))
    -   Move code comments to a standalone file and fix the bug when adding a reply to an outdated review appears to not post([#&#8203;20821](go-gitea/gitea#20821)) ([#&#8203;22707](go-gitea/gitea#22707))
    -   Fix line spacing for plaintext previews ([#&#8203;22699](go-gitea/gitea#22699)) ([#&#8203;22701](go-gitea/gitea#22701))
    -   Fix wrong hint when deleting a branch successfully from pull request UI ([#&#8203;22673](go-gitea/gitea#22673)) ([#&#8203;22698](go-gitea/gitea#22698))
    -   Fix README TOC links ([#&#8203;22577](go-gitea/gitea#22577)) ([#&#8203;22677](go-gitea/gitea#22677))
    -   Fix missing message in git hook when pull requests disabled on fork ([#&#8203;22625](go-gitea/gitea#22625)) ([#&#8203;22658](go-gitea/gitea#22658))
    -   Improve checkIfPRContentChanged ([#&#8203;22611](go-gitea/gitea#22611)) ([#&#8203;22644](go-gitea/gitea#22644))
    -   Prevent duplicate labels when importing more than 99 ([#&#8203;22591](go-gitea/gitea#22591)) ([#&#8203;22598](go-gitea/gitea#22598))
    -   Don't return duplicated users who can create org repo ([#&#8203;22560](go-gitea/gitea#22560)) ([#&#8203;22562](go-gitea/gitea#22562))
-   BUILD
    -   Upgrade golangcilint to v1.51.0 ([#&#8203;22764](go-gitea/gitea#22764))
-   MISC
    -   Use proxy for pull mirror ([#&#8203;22771](go-gitea/gitea#22771)) ([#&#8203;22772](go-gitea/gitea#22772))
    -   Use `--index-url` in PyPi description ([#&#8203;22620](go-gitea/gitea#22620)) ([#&#8203;22636](go-gitea/gitea#22636))

### [`v1.18.3`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1183-httpsgithubcomgo-giteagiteareleasestagv1183---2023-01-23)

[Compare Source](go-gitea/gitea@v1.18.2...v1.18.3)

-   SECURITY
    -   Prevent multiple `To` recipients ([#&#8203;22566](go-gitea/gitea#22566)) ([#&#8203;22569](go-gitea/gitea#22569))
-   BUGFIXES
    -   Truncate commit summary on repo files table. ([#&#8203;22551](go-gitea/gitea#22551)) ([#&#8203;22552](go-gitea/gitea#22552))
    -   Mute all links in issue timeline ([#&#8203;22534](go-gitea/gitea#22534))

### [`v1.18.2`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1182-httpsgithubcomgo-giteagiteareleasestagv1182---2023-01-19)

[Compare Source](go-gitea/gitea@v1.18.1...v1.18.2)

-   BUGFIXES
    -   Fix issue not auto-closing when it includes a reference to a branch ([#&#8203;22514](go-gitea/gitea#22514)) ([#&#8203;22521](go-gitea/gitea#22521))
    -   Fix invalid issue branch reference if not specified in template ([#&#8203;22513](go-gitea/gitea#22513)) ([#&#8203;22520](go-gitea/gitea#22520))
    -   Fix 500 error viewing pull request when fork has pull requests disabled ([#&#8203;22512](go-gitea/gitea#22512)) ([#&#8203;22515](go-gitea/gitea#22515))
    -   Reliable selection of admin user ([#&#8203;22509](go-gitea/gitea#22509)) ([#&#8203;22511](go-gitea/gitea#22511))
    -   Set disable_gravatar/enable_federated_avatar when offline mode is true ([#&#8203;22479](go-gitea/gitea#22479)) ([#&#8203;22496](go-gitea/gitea#22496))
-   BUILD
    -   cgo cross-compile for freebsd ([#&#8203;22397](go-gitea/gitea#22397)) ([#&#8203;22519](go-gitea/gitea#22519))

### [`v1.18.1`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1181-httpsgithubcomgo-giteagiteareleasestagv1181---2023-01-17)

[Compare Source](go-gitea/gitea@v1.18.0...v1.18.1)

-   API
    -   Add `sync_on_commit` option for push mirrors api ([#&#8203;22271](go-gitea/gitea#22271)) ([#&#8203;22292](go-gitea/gitea#22292))
-   BUGFIXES
    -   Update `github.com/zeripath/zapx/v15` ([#&#8203;22485](go-gitea/gitea#22485))
    -   Fix pull request API field `closed_at` always being `null` ([#&#8203;22482](go-gitea/gitea#22482)) ([#&#8203;22483](go-gitea/gitea#22483))
    -   Fix container blob mount ([#&#8203;22226](go-gitea/gitea#22226)) ([#&#8203;22476](go-gitea/gitea#22476))
    -   Fix error when calculating repository size ([#&#8203;22392](go-gitea/gitea#22392)) ([#&#8203;22474](go-gitea/gitea#22474))
    -   Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS ([#&#8203;22454](go-gitea/gitea#22454)) ([#&#8203;22472](go-gitea/gitea#22472))
    -   Fix environments for KaTeX and error reporting ([#&#8203;22453](go-gitea/gitea#22453)) ([#&#8203;22473](go-gitea/gitea#22473))
    -   Remove the netgo tag for Windows build ([#&#8203;22467](go-gitea/gitea#22467)) ([#&#8203;22468](go-gitea/gitea#22468))
    -   Fix migration from GitBucket ([#&#8203;22477](go-gitea/gitea#22477)) ([#&#8203;22465](go-gitea/gitea#22465))
    -   Prevent panic on looking at api "git" endpoints for empty repos ([#&#8203;22457](go-gitea/gitea#22457)) ([#&#8203;22458](go-gitea/gitea#22458))
    -   Fix PR status layout on mobile ([#&#8203;21547](go-gitea/gitea#21547)) ([#&#8203;22441](go-gitea/gitea#22441))
    -   Fix wechatwork webhook sends empty content in PR review ([#&#8203;21762](go-gitea/gitea#21762)) ([#&#8203;22440](go-gitea/gitea#22440))
    -   Remove duplicate "Actions" label in mobile view ([#&#8203;21974](go-gitea/gitea#21974)) ([#&#8203;22439](go-gitea/gitea#22439))
    -   Fix leaving organization bug on user settings -> orgs ([#&#8203;21983](go-gitea/gitea#21983)) ([#&#8203;22438](go-gitea/gitea#22438))
    -   Fixed colour transparency regex matching in project board sorting ([#&#8203;22092](go-gitea/gitea#22092)) ([#&#8203;22437](go-gitea/gitea#22437))
    -   Correctly handle select on multiple channels in Queues ([#&#8203;22146](go-gitea/gitea#22146)) ([#&#8203;22428](go-gitea/gitea#22428))
    -   Prepend refs/heads/ to issue template refs ([#&#8203;20461](go-gitea/gitea#20461)) ([#&#8203;22427](go-gitea/gitea#22427))
    -   Restore function to "Show more" buttons ([#&#8203;22399](go-gitea/gitea#22399)) ([#&#8203;22426](go-gitea/gitea#22426))
    -   Continue GCing other repos on error in one repo ([#&#8203;22422](go-gitea/gitea#22422)) ([#&#8203;22425](go-gitea/gitea#22425))
    -   Allow HOST has no port ([#&#8203;22280](go-gitea/gitea#22280)) ([#&#8203;22409](go-gitea/gitea#22409))
    -   Fix omit avatar_url in discord payload when empty ([#&#8203;22393](go-gitea/gitea#22393)) ([#&#8203;22394](go-gitea/gitea#22394))
    -   Don't display stop watch top bar icon when disabled and hidden when click other place ([#&#8203;22374](go-gitea/gitea#22374)) ([#&#8203;22387](go-gitea/gitea#22387))
    -   Don't lookup mail server when using sendmail ([#&#8203;22300](go-gitea/gitea#22300)) ([#&#8203;22383](go-gitea/gitea#22383))
    -   Fix gravatar disable bug ([#&#8203;22337](go-gitea/gitea#22337))
    -   Fix update settings table on install ([#&#8203;22326](go-gitea/gitea#22326)) ([#&#8203;22327](go-gitea/gitea#22327))
    -   Fix sitemap ([#&#8203;22272](go-gitea/gitea#22272)) ([#&#8203;22320](go-gitea/gitea#22320))
    -   Fix code search title translation ([#&#8203;22285](go-gitea/gitea#22285)) ([#&#8203;22316](go-gitea/gitea#22316))
    -   Fix due date rendering the wrong date in issue ([#&#8203;22302](go-gitea/gitea#22302)) ([#&#8203;22306](go-gitea/gitea#22306))
    -   Fix get system setting bug when enabled redis cache ([#&#8203;22298](go-gitea/gitea#22298))
    -   Fix bug of DisableGravatar default value ([#&#8203;22297](go-gitea/gitea#22297))
    -   Fix key signature error page ([#&#8203;22229](go-gitea/gitea#22229)) ([#&#8203;22230](go-gitea/gitea#22230))
-   TESTING
    -   Remove test session cache to reduce possible concurrent problem ([#&#8203;22199](go-gitea/gitea#22199)) ([#&#8203;22429](go-gitea/gitea#22429))
-   MISC
    -   Restore previous official review when an official review is deleted ([#&#8203;22449](go-gitea/gitea#22449)) ([#&#8203;22460](go-gitea/gitea#22460))
    -   Log STDERR of external renderer when it fails ([#&#8203;22442](go-gitea/gitea#22442)) ([#&#8203;22444](go-gitea/gitea#22444))

### [`v1.18.0`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1180-httpsgithubcomgo-giteagiteareleasestagv1180---2022-12-29)

[Compare Source](go-gitea/gitea@v1.17.4...v1.18.0)

-   SECURITY
    -   Remove ReverseProxy authentication from the API ([#&#8203;22219](go-gitea/gitea#22219)) ([#&#8203;22251](go-gitea/gitea#22251))
    -   Support Go Vulnerability Management ([#&#8203;21139](go-gitea/gitea#21139))
    -   Forbid HTML string tooltips ([#&#8203;20935](go-gitea/gitea#20935))
-   BREAKING
    -   Rework mailer settings ([#&#8203;18982](go-gitea/gitea#18982))
    -   Remove U2F support ([#&#8203;20141](go-gitea/gitea#20141))
    -   Refactor `i18n` to `locale` ([#&#8203;20153](go-gitea/gitea#20153))
    -   Enable contenthash in filename for dynamic assets ([#&#8203;20813](go-gitea/gitea#20813))
-   FEATURES
    -   Add color previews in markdown ([#&#8203;21474](go-gitea/gitea#21474))
    -   Allow package version sorting ([#&#8203;21453](go-gitea/gitea#21453))
    -   Add support for Chocolatey/NuGet v2 API ([#&#8203;21393](go-gitea/gitea#21393))
    -   Add API endpoint to get changed files of a PR ([#&#8203;21177](go-gitea/gitea#21177))
    -   Add filetree on left of diff view ([#&#8203;21012](go-gitea/gitea#21012))
    -   Support Issue forms and PR forms ([#&#8203;20987](go-gitea/gitea#20987))
    -   Add support for Vagrant packages ([#&#8203;20930](go-gitea/gitea#20930))
    -   Add support for `npm unpublish` ([#&#8203;20688](go-gitea/gitea#20688))
    -   Add badge capabilities to users ([#&#8203;20607](go-gitea/gitea#20607))
    -   Add issue filter for Author ([#&#8203;20578](go-gitea/gitea#20578))
    -   Add KaTeX rendering to Markdown. ([#&#8203;20571](go-gitea/gitea#20571))
    -   Add support for Pub packages ([#&#8203;20560](go-gitea/gitea#20560))
    -   Support localized README ([#&#8203;20508](go-gitea/gitea#20508))
    -   Add support mCaptcha as captcha provider ([#&#8203;20458](go-gitea/gitea#20458))
    -   Add team member invite by email ([#&#8203;20307](go-gitea/gitea#20307))
    -   Added email notification option to receive all own messages ([#&#8203;20179](go-gitea/gitea#20179))
    -   Switch Unicode Escaping to a VSCode-like system ([#&#8203;19990](go-gitea/gitea#19990))
    -   Add user/organization code search ([#&#8203;19977](go-gitea/gitea#19977))
    -   Only show relevant repositories on explore page ([#&#8203;19361](go-gitea/gitea#19361))
    -   User keypairs and HTTP signatures for ActivityPub federation using go-ap ([#&#8203;19133](go-gitea/gitea#19133))
    -   Add sitemap support ([#&#8203;18407](go-gitea/gitea#18407))
    -   Allow creation of OAuth2 applications for orgs ([#&#8203;18084](go-gitea/gitea#18084))
    -   Add system setting table with cache and also add cache supports for user setting ([#&#8203;18058](go-gitea/gitea#18058))
    -   Add pages to view watched repos and subscribed issues/PRs ([#&#8203;17156](go-gitea/gitea#17156))
    -   Support Proxy protocol ([#&#8203;12527](go-gitea/gitea#12527))
    -   Implement sync push mirror on commit ([#&#8203;19411](go-gitea/gitea#19411))
-   API
    -   Allow empty assignees on pull request edit ([#&#8203;22150](go-gitea/gitea#22150)) ([#&#8203;22214](go-gitea/gitea#22214))
    -   Make external issue tracker regexp configurable via API ([#&#8203;21338](go-gitea/gitea#21338))
    -   Add name field for org api ([#&#8203;21270](go-gitea/gitea#21270))
    -   Show teams with no members if user is admin ([#&#8203;21204](go-gitea/gitea#21204))
    -   Add latest commit's SHA to content response ([#&#8203;20398](go-gitea/gitea#20398))
    -   Add allow_rebase_update, default_delete_branch_after_merge to repository api response ([#&#8203;20079](go-gitea/gitea#20079))
    -   Add new endpoints for push mirrors management ([#&#8203;19841](go-gitea/gitea#19841))
-   ENHANCEMENTS
    -   Add setting to disable the git apply step in test patch ([#&#8203;22130](go-gitea/gitea#22130)) ([#&#8203;22170](go-gitea/gitea#22170))
    -   Multiple improvements for comment edit diff ([#&#8203;21990](go-gitea/gitea#21990)) ([#&#8203;22007](go-gitea/gitea#22007))
    -   Fix button in branch list, avoid unexpected page jump before restore branch actually done ([#&#8203;21562](go-gitea/gitea#21562)) ([#&#8203;21928](go-gitea/gitea#21928))
    -   Fix flex layout for repo list icons ([#&#8203;21896](go-gitea/gitea#21896)) ([#&#8203;21920](go-gitea/gitea#21920))
    -   Fix vertical align of committer avatar rendered by email address ([#&#8203;21884](go-gitea/gitea#21884)) ([#&#8203;21918](go-gitea/gitea#21918))
    -   Fix setting HTTP headers after write ([#&#8203;21833](go-gitea/gitea#21833)) ([#&#8203;21877](go-gitea/gitea#21877))
    -   Color and Style enhancements ([#&#8203;21784](go-gitea/gitea#21784), [#&#8203;21799](go-gitea/gitea#21799)) ([#&#8203;21868](go-gitea/gitea#21868))
    -   Ignore line anchor links with leading zeroes ([#&#8203;21728](go-gitea/gitea#21728)) ([#&#8203;21776](go-gitea/gitea#21776))
    -   Quick fixes monaco-editor error: "vs.editor.nullLanguage" ([#&#8203;21734](go-gitea/gitea#21734)) ([#&#8203;21738](go-gitea/gitea#21738))
    -   Use CSS color-scheme instead of invert ([#&#8203;21616](go-gitea/gitea#21616)) ([#&#8203;21623](go-gitea/gitea#21623))
    -   Respect user's locale when rendering the date range in the repo activity page ([#&#8203;21410](go-gitea/gitea#21410))
    -   Change `commits-table` column width ([#&#8203;21564](go-gitea/gitea#21564))
    -   Refactor git command arguments and make all arguments to be safe to be used ([#&#8203;21535](go-gitea/gitea#21535))
    -   CSS color enhancements ([#&#8203;21534](go-gitea/gitea#21534))
    -   Add link to user profile in markdown mention only if user exists ([#&#8203;21533](go-gitea/gitea#21533), [#&#8203;21554](go-gitea/gitea#21554))
    -   Add option to skip index dirs ([#&#8203;21501](go-gitea/gitea#21501))
    -   Diff file tree tweaks ([#&#8203;21446](go-gitea/gitea#21446))
    -   Localize all timestamps ([#&#8203;21440](go-gitea/gitea#21440))
    -   Add `code` highlighting in issue titles ([#&#8203;21432](go-gitea/gitea#21432))
    -   Use Name instead of DisplayName in LFS Lock ([#&#8203;21415](go-gitea/gitea#21415))
    -   Consolidate more CSS colors into variables ([#&#8203;21402](go-gitea/gitea#21402))
    -   Redirect to new repository owner ([#&#8203;21398](go-gitea/gitea#21398))
    -   Use ISO date format instead of hard-coded English date format for date range in repo activity page ([#&#8203;21396](go-gitea/gitea#21396))
    -   Use weighted algorithm for string matching when finding files in repo ([#&#8203;21370](go-gitea/gitea#21370))
    -   Show private data in feeds ([#&#8203;21369](go-gitea/gitea#21369))
    -   Refactor parseTreeEntries, speed up tree list ([#&#8203;21368](go-gitea/gitea#21368))
    -   Add GET and DELETE endpoints for Docker blob uploads ([#&#8203;21367](go-gitea/gitea#21367))
    -   Add nicer error handling on template compile errors ([#&#8203;21350](go-gitea/gitea#21350))
    -   Add `stat` to `ToCommit` function for speed ([#&#8203;21337](go-gitea/gitea#21337))
    -   Support instance-wide OAuth2 applications ([#&#8203;21335](go-gitea/gitea#21335))
    -   Record OAuth client type at registration ([#&#8203;21316](go-gitea/gitea#21316))
    -   Add new CSS variables --color-accent and --color-small-accent ([#&#8203;21305](go-gitea/gitea#21305))
    -   Improve error descriptions for unauthorized_client ([#&#8203;21292](go-gitea/gitea#21292))
    -   Case-insensitive "find files in repo" ([#&#8203;21269](go-gitea/gitea#21269))
    -   Consolidate more CSS rules, fix inline code on arc-green ([#&#8203;21260](go-gitea/gitea#21260))
    -   Log real ip of requests from ssh ([#&#8203;21216](go-gitea/gitea#21216))
    -   Save files in local storage as group readable ([#&#8203;21198](go-gitea/gitea#21198))
    -   Enable fluid page layout on medium size viewports ([#&#8203;21178](go-gitea/gitea#21178))
    -   File header tweaks ([#&#8203;21175](go-gitea/gitea#21175))
    -   Added missing headers on user packages page ([#&#8203;21172](go-gitea/gitea#21172))
    -   Display image digest for container packages ([#&#8203;21170](go-gitea/gitea#21170))
    -   Skip dirty check for team forms ([#&#8203;21154](go-gitea/gitea#21154))
    -   Keep path when creating a new branch ([#&#8203;21153](go-gitea/gitea#21153))
    -   Remove fomantic image module ([#&#8203;21145](go-gitea/gitea#21145))
    -   Make labels clickable in the comments section. ([#&#8203;21137](go-gitea/gitea#21137))
    -   Sort branches and tags by date descending ([#&#8203;21136](go-gitea/gitea#21136))
    -   Better repo API unit checks ([#&#8203;21130](go-gitea/gitea#21130))
    -   Improve commit status icons ([#&#8203;21124](go-gitea/gitea#21124))
    -   Limit length of repo description and repo url input fields ([#&#8203;21119](go-gitea/gitea#21119))
    -   Show .editorconfig errors in frontend ([#&#8203;21088](go-gitea/gitea#21088))
    -   Allow poster to choose reviewers ([#&#8203;21084](go-gitea/gitea#21084))
    -   Remove black labels and CSS cleanup ([#&#8203;21003](go-gitea/gitea#21003))
    -   Make e-mail sanity check more precise ([#&#8203;20991](go-gitea/gitea#20991))
    -   Use native inputs in whitespace dropdown ([#&#8203;20980](go-gitea/gitea#20980))
    -   Enhance package date display ([#&#8203;20928](go-gitea/gitea#20928))
    -   Display total blob size of a package version ([#&#8203;20927](go-gitea/gitea#20927))
    -   Show language name on hover ([#&#8203;20923](go-gitea/gitea#20923))
    -   Show instructions for all generic package files ([#&#8203;20917](go-gitea/gitea#20917))
    -   Refactor AssertExistsAndLoadBean to use generics ([#&#8203;20797](go-gitea/gitea#20797))
    -   Move the official website link at the footer of gitea ([#&#8203;20777](go-gitea/gitea#20777))
    -   Add support for full name in reverse proxy auth ([#&#8203;20776](go-gitea/gitea#20776))
    -   Remove useless JS operation for relative time tooltips ([#&#8203;20756](go-gitea/gitea#20756))
    -   Replace some icons with SVG ([#&#8203;20741](go-gitea/gitea#20741))
    -   Change commit status icons to SVG ([#&#8203;20736](go-gitea/gitea#20736))
    -   Improve single repo action for issue and pull requests ([#&#8203;20730](go-gitea/gitea#20730))
    -   Allow multiple files in generic packages ([#&#8203;20661](go-gitea/gitea#20661))
    -   Add option to create new issue from /issues page ([#&#8203;20650](go-gitea/gitea#20650))
    -   Background color of private list-items updated ([#&#8203;20630](go-gitea/gitea#20630))
    -   Added search input field to issue filter ([#&#8203;20623](go-gitea/gitea#20623))
    -   Increase default item listing size `ISSUE_PAGING_NUM` to 20 ([#&#8203;20547](go-gitea/gitea#20547))
    -   Modify milestone search keywords to be case insensitive again ([#&#8203;20513](go-gitea/gitea#20513))
    -   Show hint to link package to repo when viewing empty repo package list ([#&#8203;20504](go-gitea/gitea#20504))
    -   Add Tar ZSTD support ([#&#8203;20493](go-gitea/gitea#20493))
    -   Make code review checkboxes clickable ([#&#8203;20481](go-gitea/gitea#20481))
    -   Add "X-Gitea-Object-Type" header for GET `/raw/` & `/media/` API ([#&#8203;20438](go-gitea/gitea#20438))
    -   Display project in issue list ([#&#8203;20434](go-gitea/gitea#20434))
    -   Prepend commit message to template content when opening a new PR ([#&#8203;20429](go-gitea/gitea#20429))
    -   Replace fomantic popup module with tippy.js ([#&#8203;20428](go-gitea/gitea#20428))
    -   Allow to specify colors for text in markup ([#&#8203;20363](go-gitea/gitea#20363))
    -   Allow access to the Public Organization Member lists with minimal permissions ([#&#8203;20330](go-gitea/gitea#20330))
    -   Use default values when provided values are empty ([#&#8203;20318](go-gitea/gitea#20318))
    -   Vertical align navbar avatar at middle ([#&#8203;20302](go-gitea/gitea#20302))
    -   Delete cancel button in repo creation page ([#&#8203;21381](go-gitea/gitea#21381))
    -   Include login_name in adminCreateUser response ([#&#8203;20283](go-gitea/gitea#20283))
    -   fix: icon margin in user/settings/repos ([#&#8203;20281](go-gitea/gitea#20281))
    -   Remove blue text on migrate page ([#&#8203;20273](go-gitea/gitea#20273))
    -   Modify milestone search keywords to be case insensitive ([#&#8203;20266](go-gitea/gitea#20266))
    -   Move some files into models' sub packages ([#&#8203;20262](go-gitea/gitea#20262))
    -   Add tooltip to repo icons in explore page ([#&#8203;20241](go-gitea/gitea#20241))
    -   Remove deprecated licenses ([#&#8203;20222](go-gitea/gitea#20222))
    -   Webhook for Wiki changes ([#&#8203;20219](go-gitea/gitea#20219))
    -   Share HTML template renderers and create a watcher framework ([#&#8203;20218](go-gitea/gitea#20218))
    -   Allow enable LDAP source and disable user sync via CLI ([#&#8203;20206](go-gitea/gitea#20206))
    -   Adds a checkbox to select all issues/PRs ([#&#8203;20177](go-gitea/gitea#20177))
    -   Refactor `i18n` to `locale` ([#&#8203;20153](go-gitea/gitea#20153))
    -   Disable status checks in template if none found ([#&#8203;20088](go-gitea/gitea#20088))
    -   Allow manager logging to set SQL ([#&#8203;20064](go-gitea/gitea#20064))
    -   Add order by for assignee no sort issue ([#&#8203;20053](go-gitea/gitea#20053))
    -   Take a stab at porting existing components to Vue3 ([#&#8203;20044](go-gitea/gitea#20044))
    -   Add doctor command to write commit-graphs ([#&#8203;20007](go-gitea/gitea#20007))
    -   Add support for authentication based on reverse proxy email ([#&#8203;19949](go-gitea/gitea#19949))
    -   Enable spellcheck for EasyMDE, use contenteditable mode ([#&#8203;19776](go-gitea/gitea#19776))
    -   Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI ([#&#8203;19663](go-gitea/gitea#19663))
    -   Rework mailer settings ([#&#8203;18982](go-gitea/gitea#18982))
    -   Add option to purge users ([#&#8203;18064](go-gitea/gitea#18064))
    -   Add author search input ([#&#8203;21246](go-gitea/gitea#21246))
    -   Make rss/atom identifier globally unique ([#&#8203;21550](go-gitea/gitea#21550))
-   BUGFIXES
    -   Auth interface return error when verify failure ([#&#8203;22119](go-gitea/gitea#22119)) ([#&#8203;22259](go-gitea/gitea#22259))
    -   Use complete SHA to create and query commit status ([#&#8203;22244](go-gitea/gitea#22244)) ([#&#8203;22257](go-gitea/gitea#22257))
    -   Update bleve and zapx to fix unaligned atomic ([#&#8203;22031](go-gitea/gitea#22031)) ([#&#8203;22218](go-gitea/gitea#22218))
    -   Prevent panic in doctor command when running default checks ([#&#8203;21791](go-gitea/gitea#21791)) ([#&#8203;21807](go-gitea/gitea#21807))
    -   Load GitRepo in API before deleting issue ([#&#8203;21720](go-gitea/gitea#21720)) ([#&#8203;21796](go-gitea/gitea#21796))
    -   Ignore line anchor links with leading zeroes ([#&#8203;21728](go-gitea/gitea#21728)) ([#&#8203;21776](go-gitea/gitea#21776))
    -   Set last login when activating account ([#&#8203;21731](go-gitea/gitea#21731)) ([#&#8203;21755](go-gitea/gitea#21755))
    -   Fix UI language switching bug ([#&#8203;21597](go-gitea/gitea#21597)) ([#&#8203;21749](go-gitea/gitea#21749))
    -   Quick fixes monaco-editor error: "vs.editor.nullLanguage" ([#&#8203;21734](go-gitea/gitea#21734)) ([#&#8203;21738](go-gitea/gitea#21738))
    -   Allow local package identifiers for PyPI packages ([#&#8203;21690](go-gitea/gitea#21690)) ([#&#8203;21727](go-gitea/gitea#21727))
    -   Deal with markdown template without metadata ([#&#8203;21639](go-gitea/gitea#21639)) ([#&#8203;21654](go-gitea/gitea#21654))
    -   Fix opaque background on mermaid diagrams ([#&#8203;21642](go-gitea/gitea#21642)) ([#&#8203;21652](go-gitea/gitea#21652))
    -   Fix repository adoption on Windows ([#&#8203;21646](go-gitea/gitea#21646)) ([#&#8203;21650](go-gitea/gitea#21650))
    -   Sync git hooks when config file path changed ([#&#8203;21619](go-gitea/gitea#21619)) ([#&#8203;21626](go-gitea/gitea#21626))
    -   Fix 500 on PR files API ([#&#8203;21602](go-gitea/gitea#21602)) ([#&#8203;21607](go-gitea/gitea#21607))
    -   Fix `Timestamp.IsZero` ([#&#8203;21593](go-gitea/gitea#21593)) ([#&#8203;21603](go-gitea/gitea#21603))
    -   Fix viewing user subscriptions ([#&#8203;21482](go-gitea/gitea#21482))
    -   Fix mermaid-related bugs ([#&#8203;21431](go-gitea/gitea#21431))
    -   Fix branch dropdown shifting on page load ([#&#8203;21428](go-gitea/gitea#21428))
    -   Fix default theme-auto selector when nologin ([#&#8203;21346](go-gitea/gitea#21346))
    -   Fix and improve incorrect error messages ([#&#8203;21342](go-gitea/gitea#21342))
    -   Fix formatted link for PR review notifications to matrix ([#&#8203;21319](go-gitea/gitea#21319))
    -   Center-aligning content of WebAuthN page ([#&#8203;21127](go-gitea/gitea#21127))
    -   Remove follow from commits by file ([#&#8203;20765](go-gitea/gitea#20765))
    -   Fix commit status popup ([#&#8203;20737](go-gitea/gitea#20737))
    -   Fix init mail render logic ([#&#8203;20704](go-gitea/gitea#20704))
    -   Use correct page size for link header pagination ([#&#8203;20546](go-gitea/gitea#20546))
    -   Preserve unix socket file ([#&#8203;20499](go-gitea/gitea#20499))
    -   Use tippy.js for context popup ([#&#8203;20393](go-gitea/gitea#20393))
    -   Add missing parameter for error in log message ([#&#8203;20144](go-gitea/gitea#20144))
    -   Do not allow organisation owners add themselves as collaborator ([#&#8203;20043](go-gitea/gitea#20043))
    -   Rework file highlight rendering and fix yaml copy-paste ([#&#8203;19967](go-gitea/gitea#19967))
    -   Improve code diff highlight, fix incorrect rendered diff result ([#&#8203;19958](go-gitea/gitea#19958))
-   TESTING
    -   Improve OAuth integration tests ([#&#8203;21390](go-gitea/gitea#21390))
    -   Add playwright tests ([#&#8203;20123](go-gitea/gitea#20123))
-   BUILD
    -   Switch to building with go1.19 ([#&#8203;20695](go-gitea/gitea#20695))
    -   Update JS dependencies, adjust eslint ([#&#8203;20659](go-gitea/gitea#20659))
    -   Add more linters to improve code readability ([#&#8203;19989](go-gitea/gitea#19989))

### [`v1.17.4`](https://github.com/go-gitea/gitea/blob/HEAD/CHANGELOG.md#&#8203;1174-httpsgithubcomgo-giteagiteareleasestagv1174---2022-12-21)

[Compare Source](go-gitea/gitea@v1.17.3...v1.17.4)

-   SECURITY
    -   Do not allow Ghost access to limited visible user/org ([#&#8203;21849](go-gitea/gitea#21849)) ([#&#8203;21875](go-gitea/gitea#21875))
    -   Fix package access for admins and inactive users ([#&#8203;21580](go-gitea/gitea#21580)) ([#&#8203;21592](go-gitea/gitea#21592))
-   ENHANCEMENTS
    -   Fix button in branch list, avoid unexpected page jump before restore branch actually done ([#&#8203;21562](go-gitea/gitea#21562)) ([#&#8203;21927](go-gitea/gitea#21927))
    -   Fix vertical align of committer avatar rendered by email address ([#&#8203;21884](go-gitea/gitea#21884)) ([#&#8203;21919](go-gitea/gitea#21919))
    -   Fix setting HTTP headers after write ([#&#8203;21833](go-gitea/gitea#21833)) ([#&#8203;21874](go-gitea/gitea#21874))
    -   Ignore line anchor links with leading zeroes ([#&#8203;21728](go-gitea/gitea#21728)) ([#&#8203;21777](go-gitea/gitea#21777))
    -   Enable Monaco automaticLayout ([#&#8203;21516](go-gitea/gitea#21516))
-   BUGFIXES
    -   Do not list active repositories as unadopted ([#&#8203;22034](go-gitea/gitea#22034)) ([#&#8203;22167](go-gitea/gitea#22167))
    -   Correctly handle moved files in apply patch ([#&#8203;22118](go-gitea/gitea#22118)) ([#&#8203;22136](go-gitea/gitea#22136))
    -   Fix condition for is_internal ([#&#8203;22095](go-gitea/gitea#22095)) ([#&#8203;22131](go-gitea/gitea#22131))
    -   Fix permission check on issue/pull lock ([#&#8203;22114](go-gitea/gitea#22114))
    -   Fix sorting admin user list by last login ([#&#8203;22081](go-gitea/gitea#22081)) ([#&#8203;22106](go-gitea/gitea#22106))
    -   Workaround for container registry push/pull errors ([#&#8203;21862](go-gitea/gitea#21862)) ([#&#8203;22069](go-gitea/gitea#22069))
    -   Fix issue/PR numbers ([#&#8203;22037](go-gitea/gitea#22037)) ([#&#8203;22045](go-gitea/gitea#22045))
    -   Handle empty author names ([#&#8203;21902](go-gitea/gitea#21902)) ([#&#8203;22028](go-gitea/gitea#22028))
    -   Fix ListBranches to handle empty case ([#&#8203;21921](go-gitea/gitea#21921)) ([#&#8203;22025](go-gitea/gitea#22025))
    -   Fix enabling partial clones on 1.17 ([#&#8203;21809](go-gitea/gitea#21809))
    -   Prevent panic in doctor command when running default checks ([#&#8203;21791](go-gitea/gitea#21791)) ([#&#8203;21808](go-gitea/gitea#21808))
    -   Upgrade golang.org/x/crypto ([#&#8203;21792](go-gitea/gitea#21792)) ([#&#8203;21794](go-gitea/gitea#21794))
    -   Init git module before database migration ([#&#8203;21764](go-gitea/gitea#21764)) ([#&#8203;21766](go-gitea/gitea#21766))
    -   Set last login when activating account ([#&#8203;21731](go-gitea/gitea#21731)) ([#&#8203;21754](go-gitea/gitea#21754))
    -   Add HEAD fix to gitea doctor ([#&#8203;21352](go-gitea/gitea#21352)) ([#&#8203;21751](go-gitea/gitea#21751))
    -   Fix UI language switching bug ([#&#8203;21597](go-gitea/gitea#21597)) ([#&#8203;21748](go-gitea/gitea#21748))
    -   Remove semver compatible flag and change pypi to an array of test cases ([#&#8203;21708](go-gitea/gitea#21708)) ([#&#8203;21729](go-gitea/gitea#21729))
    -   Allow local package identifiers for PyPI packages ([#&#8203;21690](go-gitea/gitea#21690)) ([#&#8203;21726](go-gitea/gitea#21726))
    -   Fix repository adoption on Windows ([#&#8203;21646](go-gitea/gitea#21646)) ([#&#8203;21651](go-gitea/gitea#21651))
    -   Sync git hooks when config file path changed ([#&#8203;21619](go-gitea/gitea#21619)) ([#&#8203;21625](go-gitea/gitea#21625))
    -   Added check for disabled Packages ([#&#8203;21540](go-gitea/gitea#21540)) ([#&#8203;21614](go-gitea/gitea#21614))
    -   Fix `Timestamp.IsZero` ([#&#8203;21593](go-gitea/gitea#21593)) ([#&#8203;21604](go-gitea/gitea#21604))
    -   Fix issues count bug ([#&#8203;21600](go-gitea/gitea#21600))
    -   Support binary deploy in npm packages ([#&#8203;21589](go-gitea/gitea#21589))
    -   Update milestone counters when issue is deleted ([#&#8203;21459](go-gitea/gitea#21459)) ([#&#8203;21586](go-gitea/gitea#21586))
    -   SessionUser protection against nil pointer dereference ([#&#8203;21581](go-gitea/gitea#21581))
    -   Case-insensitive NuGet symbol file GUID ([#&#8203;21409](go-gitea/gitea#21409)) ([#&#8203;21575](go-gitea/gitea#21575))
    -   Suppress `ExternalLoginUserNotExist` error ([#&#8203;21504](go-gitea/gitea#21504)) ([#&#8203;21572](go-gitea/gitea#21572))
    -   Prevent Authorization header for presigned LFS urls ([#&#8203;21531](go-gitea/gitea#21531)) ([#&#8203;21569](go-gitea/gitea#21569))
    -   Update binding to fix bugs ([#&#8203;21560](go-gitea/gitea#21560))
    -   Fix generating compare link ([#&#8203;21519](go-gitea/gitea#21519)) ([#&#8203;21530](go-gitea/gitea#21530))
    -   Ignore error when retrieving changed PR review files ([#&#8203;21487](go-gitea/gitea#21487)) ([#&#8203;21524](go-gitea/gitea#21524))
    -   Fix incorrect notification commit url ([#&#8203;21479](go-gitea/gitea#21479)) ([#&#8203;21483](go-gitea/gitea#21483))
    -   Display total commit count in hook message ([#&#8203;21400](go-gitea/gitea#21400)) ([#&#8203;21481](go-gitea/gitea#21481))
    -   Enforce grouped NuGet search results ([#&#8203;21442](go-gitea/gitea#21442)) ([#&#8203;21480](go-gitea/gitea#21480))
    -   Return 404 when user is not found on avatar ([#&#8203;21476](go-gitea/gitea#21476)) ([#&#8203;21477](go-gitea/gitea#21477))
    -   Normalize NuGet package version on upload ([#&#8203;22186](go-gitea/gitea#22186)) ([#&#8203;22201](go-gitea/gitea#22201))
-   MISC
    -   Check for zero time instant in TimeStamp.IsZero() ([#&#8203;22171](go-gitea/gitea#22171)) ([#&#8203;22173](go-gitea/gitea#22173))
    -   Fix warn in database structs sync ([#&#8203;22111](go-gitea/gitea#22111))
    -   Allow for resolution of NPM registry paths that match upstream ([#&#8203;21568](go-gitea/gitea#21568)) ([#&#8203;21723](go-gitea/gitea#21723))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xNTIuMiIsInVwZGF0ZWRJblZlciI6IjM0LjE1Mi4yIn0=-->

Co-authored-by: Michael Wittig <michael.wittig@posteo.de>
Reviewed-on: https://gitea.sh4ke.rocks/sh4ke/k8s-projects/pulls/84
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. lgtm/need 1 This PR needs approval from one additional maintainer to be merged. topic/federation type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Development

Successfully merging this pull request may close these issues.