Git with a cup of tea, painless self-hosted git service
Go to file
dependabot[bot] bdf8c80f41
Bump json5 from 1.0.1 to 1.0.2 (#22365)
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/releases">json5's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.2</h2>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>)
This also fixes a prototype pollution vulnerability reported by Jonathan
Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).
This has been backported to v1. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/298">#298</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/blob/main/CHANGELOG.md">json5's
changelog</a>.</em></p>
<blockquote>
<h3>Unreleased [<a
href="https://github.com/json5/json5/tree/main">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.3...HEAD">diff</a>]</h3>
<h3>v2.2.3 [<a
href="https://github.com/json5/json5/tree/v2.2.3">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3">diff</a>]</h3>
<ul>
<li>Fix: json5@2.2.3 is now the 'latest' release according to npm
instead of
v1.0.2. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/299">#299</a>)</li>
</ul>
<h3>v2.2.2 [<a
href="https://github.com/json5/json5/tree/v2.2.2">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">diff</a>]</h3>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays.
(<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>)
This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).</li>
</ul>
<h3>v2.2.1 [<a
href="https://github.com/json5/json5/tree/v2.2.1">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1">diff</a>]</h3>
<ul>
<li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/266">#266</a>)</li>
</ul>
<h3>v2.2.0 [<a
href="https://github.com/json5/json5/tree/v2.2.0">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0">diff</a>]</h3>
<ul>
<li>New: Accurate and documented TypeScript declarations are now
included. There
is no need to install <code>@types/json5</code>. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/236">#236</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/244">#244</a>)</li>
</ul>
<h3>v2.1.3 [<a
href="https://github.com/json5/json5/tree/v2.1.3">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3">diff</a>]</h3>
<ul>
<li>Fix: An out of memory bug when parsing numbers has been fixed. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/228">#228</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/229">#229</a>)</li>
</ul>
<h3>v2.1.2 [<a
href="https://github.com/json5/json5/tree/v2.1.2">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2">diff</a>]</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a62db1e51e"><code>a62db1e</code></a>
1.0.2</li>
<li><a
href="e0c23fe458"><code>e0c23fe</code></a>
docs: update CHANGELOG for v1.0.2</li>
<li><a
href="62a6540840"><code>62a6540</code></a>
fix: add <strong>proto</strong> to objects and arrays</li>
<li>See full diff in <a
href="https://github.com/json5/json5/compare/v1.0.1...v1.0.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/go-gitea/gitea/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-08 19:48:00 +08:00
.gitea Issue template form (#16349) 2021-09-15 20:33:13 +03:00
.github update discord invite (#19907) 2022-06-07 11:40:27 -04:00
assets Update Emoji dataset to Unicode 14 (#22342) 2023-01-04 11:52:48 -06:00
build Fix unstable emoji sort (#22346) 2023-01-05 13:58:51 +02:00
cmd Move convert package to services (#22264) 2022-12-29 10:57:15 +08:00
contrib Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
custom/conf Add option to prohibit fork if user reached maximum limit of repositories (#21848) 2022-12-27 15:21:14 -06:00
docker Remove deprecated DSA host key from Docker Container (#21522) 2022-11-03 19:49:12 +08:00
docs Add deprecated warning for DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR (#22318) 2023-01-03 07:54:27 +08:00
models Always reuse transaction (#22362) 2023-01-08 09:34:58 +08:00
modules Always reuse transaction (#22362) 2023-01-08 09:34:58 +08:00
options [skip ci] Updated licenses and gitignores 2023-01-01 00:19:35 +00:00
public Update JS dependencies and eslint (#22190) 2022-12-20 17:15:47 -05:00
routers make /{username}.png redirect to user/org avatar (#22356) 2023-01-06 13:44:02 +01:00
services Always reuse transaction (#22362) 2023-01-08 09:34:58 +08:00
snap Remove unnecessary whitespace in snapcraft.yaml (#22090) 2022-12-10 08:31:16 -06:00
templates Fix due date rendering the wrong date in issue (#22302) 2023-01-02 10:49:05 +08:00
tests Move convert package to services (#22264) 2022-12-29 10:57:15 +08:00
tools Rewrite fuzzers to native Go harnesses (#22313) 2023-01-05 10:33:00 +08:00
web_src Add Mermaid copy button, avoid unnecessary tooltip hide (#22225) 2022-12-25 18:17:48 +01:00
.air.toml Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246) 2022-12-27 14:00:34 +08:00
.changelog.yml Changelog for v1.15.0-rc1 (#16422) 2021-07-15 11:47:57 -04:00
.dockerignore Add .dockerignore (#21753) 2022-11-10 04:04:09 +01:00
.drone.yml Run hugo via go run and lock its version (#22206) 2022-12-21 21:09:53 -05:00
.editorconfig Add markdownlint (#20512) 2022-07-28 09:22:47 +08:00
.eslintrc.yaml Update JS dependencies and eslint (#22190) 2022-12-20 17:15:47 -05:00
.gitattributes Hook go-licenses into tidy again (#21353) 2022-10-10 20:45:02 +02:00
.gitignore Add go licenses to licenses.txt (#21034) 2022-09-04 00:20:46 +02:00
.gitpod.yml Add sqlite vscode extension to Gitpod configuration (#21552) 2022-10-24 16:55:59 -04:00
.golangci.yml Update go dev dependencies (#22064) 2022-12-08 16:21:37 +08:00
.ignore Add some .ignore entries (#18296) 2022-01-16 17:26:15 +00:00
.lgtm refactor: ignore LGTM from author of pull request. (#3283) 2018-01-02 06:13:49 -06:00
.markdownlint.yaml Add markdownlint (#20512) 2022-07-28 09:22:47 +08:00
.npmrc Stop packaging node_modules in release tarballs (#15273) 2021-04-09 01:08:14 -04:00
.spectral.yaml Add spectral linter for Swagger (#20321) 2022-07-11 18:07:16 -05:00
.stylelintrc.yaml Move all remaining colors into CSS variables (#21903) 2022-11-23 08:22:27 +08:00
BSDmakefile Add BSDmakefile to prevent errors when make is called under FreeBSD (#4446) 2018-07-16 20:45:51 +02:00
build.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
CHANGELOG.md Changelog v1.18.0 (#22215) (#22269) 2022-12-31 03:17:54 +01:00
CONTRIBUTING.md Update standard copyright header to use a placeholder year (#22254) 2022-12-27 11:51:23 -06:00
DCO follow the advisor: add DCO and some improvements 2016-11-04 16:43:41 +08:00
Dockerfile Update to Alpine 3.17 (#21904) 2022-12-02 11:23:26 -05:00
Dockerfile.rootless Add dumb-init to rootless docker (#21775) 2022-12-04 11:12:06 +00:00
go.mod Upgrade go-chi to v5.0.8 (#22304) 2023-01-01 11:23:26 +01:00
go.sum Upgrade go-chi to v5.0.8 (#22304) 2023-01-01 11:23:26 +01:00
LICENSE Fix typo 2016-11-08 08:42:05 +01:00
main.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
MAINTAINERS Update username (#22147) 2022-12-16 15:11:03 +02:00
Makefile Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246) 2022-12-27 14:00:34 +08:00
package-lock.json Bump json5 from 1.0.1 to 1.0.2 (#22365) 2023-01-08 19:48:00 +08:00
package.json Update JS dependencies and eslint (#22190) 2022-12-20 17:15:47 -05:00
playwright.config.js Update JS dependencies and eslint config (#21388) 2022-10-10 20:02:20 +08:00
README_ZH.md Refactor Gitpod configuration to improve quick spin up of automated dev environments (#21411) 2022-10-12 12:17:04 -04:00
README.md Add cynkra bronze sponsor (#21325) 2022-10-13 21:44:04 -04:00
SECURITY.md Add markdownlint (#20512) 2022-07-28 09:22:47 +08:00
vitest.config.js Update JS dependencies and eslint (#22190) 2022-12-20 17:15:47 -05:00
webpack.config.js Update JS dependencies and eslint (#22190) 2022-12-20 17:15:47 -05:00

Gitea

Gitea - Git with a cup of tea

Contribute with Gitpod

View this document in Chinese

Purpose

The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service.

As Gitea is written in Go, it works across all the platforms and architectures that are supported by Go, including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC architectures. You can try it out using the online demo. This project has been forked from Gogs since November of 2016, but a lot has changed.

Building

From the root of the source tree, run:

TAGS="bindata" make build

or if SQLite support is required:

TAGS="bindata sqlite sqlite_unlock_notify" make build

The build target is split into two sub-targets:

  • make backend which requires Go Stable, required version is defined in go.mod.
  • make frontend which requires Node.js LTS or greater and Internet connectivity to download npm dependencies.

When building from the official source tarballs which include pre-built frontend files, the frontend target will not be triggered, making it possible to build without Node.js and Internet connectivity.

Parallelism (make -j <num>) is not supported.

More info: https://docs.gitea.io/en-us/install-from-source/

Using

./gitea web

NOTE: If you're interested in using our APIs, we have experimental support with documentation.

Contributing

Expected workflow is: Fork -> Patch -> Push -> Pull Request

NOTES:

  1. YOU MUST READ THE CONTRIBUTORS GUIDE BEFORE STARTING TO WORK ON A PULL REQUEST.
  2. If you have found a vulnerability in the project, please write privately to security@gitea.io. Thanks!

Translating

Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.

You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.

https://docs.gitea.io/en-us/translation-guidelines/

Crowdin

Further information

For more information and instructions about how to install Gitea, please look at our documentation. If you have questions that are not covered by the documentation, you can get in contact with us on our Discord server or create a post in the discourse forum.

We maintain a list of Gitea-related projects at gitea/awesome-gitea.

The Hugo-based documentation theme is hosted at gitea/theme.

The official Gitea CLI is developed at gitea/tea.

Authors

Backers

Thank you to all our backers! 🙏 [Become a backer]

Sponsors

Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]

FAQ

How do you pronounce Gitea?

Gitea is pronounced /ɡɪti:/ as in "gi-tea" with a hard g.

Why is this not hosted on a Gitea instance?

We're working on it.

License

This project is licensed under the MIT License. See the LICENSE file for the full license text.

Screenshots

Looking for an overview of the interface? Check it out!

Dashboard User Profile Global Issues
Branches Web Editor Activity
New Migration Migrating Pull Request View
Pull Request Dark Diff Review Dark Diff Dark