Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update go dependencies #28518

Merged
merged 4 commits into from
Dec 19, 2023
Merged

Update go dependencies #28518

merged 4 commits into from
Dec 19, 2023

Conversation

wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang commented Dec 18, 2023
edited
Loading

Update golang.org/x/crypto for CVE-2023-48795 and update other packages. go-git is not updated because it needs time to figure out why some tests fail.

@wxiaoguang wxiaoguang added this to the 1.22.0 milestone Dec 18, 2023
@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Dec 18, 2023
@pull-request-size pull-request-size bot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Dec 18, 2023
@wxiaoguang wxiaoguang added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Dec 18, 2023
delvh
delvh approved these changes Dec 18, 2023
View reviewed changes
modules/git/repo_commitgraph_gogit.go Outdated
@@ -12,7 +12,7 @@ import (

gitealog "code.gitea.io/gitea/modules/log"

"github.com/go-git/go-git/v5/plumbing/format/commitgraph"
commitgraph_v2 "github.com/go-git/go-git/v5/plumbing/format/commitgraph/v2"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow. I never thought I'd see two version numbers in the same import anytime.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see some failed tests with newer gogit, so I think it's better to revert it to the old version, then leave enough time to figure out how to upgrade gogit in the future.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Dec 18, 2023
@techknowlogick techknowlogick added backport/v1.21 This PR should be backported to Gitea 1.21 and removed backport/v1.21 This PR should be backported to Gitea 1.21 labels Dec 18, 2023
@wxiaoguang
Copy link
Contributor Author

No, don't backport

@techknowlogick
Copy link
Member

@wxiaoguang yup, sorry I applied the label thinking this was just the crypto changes and removed it when I saw the full extent of this PR

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Dec 19, 2023
@lunny lunny merged commit 11f0519 into go-gitea:main Dec 19, 2023
25 checks passed
@wxiaoguang wxiaoguang deleted the update-go-mod branch December 19, 2023 05:18
zjjhot added a commit to zjjhot/gitea that referenced this pull request Dec 19, 2023
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
c919783 
* giteaofficial/main:
  Fix duplicate ID when deleting repo (go-gitea#28520)
  chore(api): support ignore password if login source type is LDAP for creating user API (go-gitea#28491)
  Update go dependencies (go-gitea#28518)
  Bump google/go-github to v57 (go-gitea#28514)
  Only check online runner when detecting matching runners in workflows (go-gitea#28286)
  Add orphaned topic consistency check (go-gitea#28507)
  Improve the prompt for "ssh-keygen sign" (go-gitea#28509)
@wxiaoguang wxiaoguang mentioned this pull request Dec 28, 2023
Closed
@kaiwalyajoshi kaiwalyajoshi mentioned this pull request Dec 29, 2023
Closed
@harryzcy harryzcy mentioned this pull request Jan 14, 2024
Closed
fuxiaohei pushed a commit to fuxiaohei/gitea that referenced this pull request Jan 17, 2024
@wxiaoguang @fuxiaohei
Update go dependencies (go-gitea#28518)
8705cea 
Update golang.org/x/crypto for CVE-2023-48795 and update other packages.
`go-git` is not updated because it needs time to figure out why some
tests fail.
silverwind pushed a commit to silverwind/gitea that referenced this pull request Feb 20, 2024
@wxiaoguang @silverwind
Update go dependencies (go-gitea#28518)
a4eda9e 
Update golang.org/x/crypto for CVE-2023-48795 and update other packages.
`go-git` is not updated because it needs time to figure out why some
tests fail.
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 17, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@delvh delvh delvh approved these changes

@techknowlogick techknowlogick techknowlogick approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.22.0
Development

Successfully merging this pull request may close these issues.
5 participants
@wxiaoguang @techknowlogick @delvh @lunny @GiteaBot