upstream/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-02-03 20:51:07 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
forgejo/release-notes-published/14.0.0.md
0ko 05269232b8 fix(release): move reverted v14.0.0 feature line to Included for completeness (#10866) 
Followup to https://codeberg.org/forgejo/forgejo/pulls/9409#issuecomment-9894122

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10866
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2026-01-16 12:14:27 +01:00

124 KiB
Raw Permalink Blame History

A companion blog post provides additional context on this major release.

Release notes

  • Breaking security features
    • PR: If SSH is enabled and an authorized_keys file is managed by Forgejo, when Forgejo starts up it will read the SSH authorized_keys file and validate the file's contents. If any keys are found in the file that are not expected, then Forgejo will terminate its startup in order to signal to the server administrator that a security risk is present that must be addressed. The server administrator can address this problem either by deleting the authorized_keys file, which Forgejo will regenerate with valid keys; or by disabling the new check by setting [server].SSH_ALLOW_UNEXPECTED_AUTHORIZED_KEYS = true in their app.ini file.
  • Security features
    • PR: CSRF attacks are now prevented via a stateless method that uses browser Fetch metadata, anti-CSRF tokens are therefore no longer used as such the CSRF_COOKIE_HTTP_ONLY option was removed. Because it is stateless, you can now submit work on tabs that have been open for more than 24 hours. The browser Fetch metadata are supported by all major browsers since 2020 and Safari since 2023, the verification falls back to using the Host and Origin header if no Fetch metadata is sent. Forgejo instances that are hosted on a subpath are no longer protected against CSRF attacks from services that are hosted on the same origin (same scheme, host/domain and port).
    • PR: use keying for task secrets
  • Breaking bug fixes
    • PR: fix!: paginate GET /api/v1/admin/hooks response
    • PR: fix!: Prevent forked .profile repositories from displaying profile content. When a user forked a repository named .profile without having created their own .profile repository, the content from the forked repository was unexpectedly displayed on their public profile page. This could lead to users' profiles displaying content they did not intentionally create for that purpose. Forked .profile repositories are now treated as standard repositories and do not populate the user's public profile page. Users who wish to use the content from a forked .profile repository can convert the fork to a regular repository in the "Danger Zone" section of Repository settings. This issue was particularly problematic on instances where users had repository creation limits (-1) and would inappropriately use forked .profile repositories to obtain profile customization.
    • PR: Forgejo subcommands which only accept flag options would previously ignore any command-line arguments that were not flags and silently proceed to execute the command. This could lead to unexpected effects; for example, --must-change-password false is actually parsed as two arguments, --must-change-password, and false, where the false argument was ignored. In order to prevent misunderstandings where the user may have intended a supported argument format (--must-change-password=false), the presence of extra arguments that are not flags will now result in an error. Users of the Forgejo CLI who are relying on the previous behavior will find their commands are now resulting in errors.
  • User Interface features
    • PR: add admin moderation actions for abuse reports and for reported abusive content
    • PR (backported): feat(ui): replace Monaco with CodeMirror (#10559)
    • PR: feat(ui): improve close/reopen/comment buttons
    • PR (backported): fix(ui): improve rendering of commit links
    • PR: feat(ui): improve rendering commit links for PR commits, external repos and diffs
    • PR: lazy-load all Vue components
    • PR: feat(ui): arrow key navigation in dropdown
    • PR: feat(ui): convert disable/enable workflow menu to JS-less dropdown
    • PR: feat(ui): JS-less sorting on /explore/{users,organizations}
    • PR: feat(ui): JS-less dropdowns in navbar
    • PR: feat(ui): add legends to storage overview (JS-free)
    • PR: feat(ui): responsive, JS-free repo language stats panel
    • PR (backported): feat: show update time when sorting by recently updated
    • PR (backported): feat(ui): show cancel button until all jobs are finished
    • PR: feat(ui): implement new buttons for better cohesiveness
    • PR: feat(ui): allow dropdown to contain not just items
    • PR: feat(ui): improve devtest, link to it from user menu
    • PR: feat(ui): improve admin dashboard cron list
    • PR: ui: improve release editing
    • PR: feat(ui): improve modal width rules
    • PR: move more modals to native dialogs
    • PR: feat(ui): add switch between formats when previewing CITATION.{cff,bib} files
    • PR: convert create/rename branch and create tag to native dialog
    • PR: Add admin individual user email management endpoints
    • PR: feat(ui): improve new buttons, use in more areas
    • PR: feat(ui): dangerous buttons
    • PR: improve tooltips and aria-labels of stars/forks/watchers links
    • PR: Actions jobs that can't be understood display a technical error in the UI, not just server-side logs
    • PR: Drag and drop nested directories
    • PR: ability to filter listed accounts by type in admin dashboard
  • User Interface bug fixes
    • PR: feat(ui): add a little padding-top to form .help
    • PR (backported): fix: proper styling for global time tracker popup
    • PR (backported): fix(ui): show switch default branch button in branch list only for repo admins
    • PR (backported): fix(ui): actions list layout breakage with long content
    • PR (backported): fix(ui): pull request merge menu item clipping the auto merge tip
    • PR: fix(ui): make it possible to post issues and comments w/o JS
    • PR (backported): fix(ui): process dynamically added content via htmx
    • PR (backported): fix(ui): don't stretch activity top author image
    • PR (backported): fix: add dynamic aria-label to monospace button in markdown editor
    • PR: Fixed SSH key verification instructions for Windows cmd
    • PR (backported): fix: align due date icon in issue list
    • PR (backported): fix: ignore private .profile repo on user profile page
    • PR (backported): Add to html button in markdown type="button"
    • PR (backported): fix(ui): add missing space before 'Commit' back
    • PR: fix(ui): fix width of attached fomantic segments
    • PR: fix(ui): use octicon-repo-forked in repo list
    • PR: fix(ui): document token validity in key verification view
    • PR: fix(ui): replace obsolete gt- helpers
    • PR: fix(ui/dropdown): ensure same height for all items
    • PR: fix(ui): improve markdown editor indentation counting
    • PR: prevent page jumps due to textarea auto resizing
    • PR: stop clone-panel enlarging site on mobile
    • PR: fix(ui): strike through deleted comment revisions
  • Localization
  • Features
    • PR: feat(actions): make GITHUB_WORKFLOW_REF available
    • PR: allow/disallow users to run workflows when pushing to a pull request from a fork
    • PR (backported): feat: provide multiple tasks to Runner in one FetchTask when requested
    • PR: Add support for administrators to set email visibility on user accounts
    • PR: Foreign keys have been added to the Forgejo database schema, which may identify data inconsistencies during the v41 database schema upgrade. If migration errors occur, forgejo doctor check --all can be used to identify the inconsistent records, which can be manually corrected or deleted. forgejo doctor check --all --fix will automatically delete the inconsistent records. Affected tables in this release are: stopwatch (references issue and user), and tracked_time (references issue and user).
    • PR (backported): feat: add Forgejo server version to runner context
    • PR: feat(actions): support referencing ${{ needs... }} variables in runs-on
    • PR: feat(actions): support referencing ${{ needs... }} variables in strategy.matrix
    • PR: implement "concurrency" block in Forgejo Actions at the workflow level
    • PR: display detailed action run diagnostics
    • PR: add foreign keys to the access table
    • PR: add foreign keys to forgejo_auth_token
    • PR: add foreign keys to table collaboration
    • PR: improve performance of getting shortstat
    • PR: Add YYYY-MM-DD date format support for Pagure milestone migration
    • PR (backported): feat: allow to add pam source from command line
    • PR: chore: Remove IsDeleted from action (activity) table
    • PR: Add support for loading db password from file via PASSD_URI
    • PR: feat(code-search): add support to opt-in for fuzzy search
    • PR: feat(i18n): translate system status data units in runtime
    • PR: Uploaded avatar images can sometimes contain unexpected metadata such as the location where the image was created, or the device the image was created with, stored in a format called EXIF. Forgejo now removes EXIF data when custom user and repository images are uploaded in order to reduce the risk of personally identifiable information being leaked unexpectedly. A new CLI subcommand forgejo doctor avatar-strip-exif can be used to strip EXIF information from all existing avatars; we recommend that administrators run this command once after upgrade in order to minimize this risk for existing stored files.
    • PR: allow sync quota groups with oauth2 auth source
    • PR: feat(slack): place user names into inline code blocks for Slack
    • PR: feat(issue-search): support query syntax
    • PR: allow PRs between common forks of the same base repository
    • PR: show link to pull requests targeting a non-default branch when pushing
    • PR: Allow referencing inputs in jobs.<job_id>.runs-on
    • PR: feat(email): reference the commit closing the issue
    • PR: display the PR editable status in the right-hand side menu
  • Bug fixes
    • PR: fix(actions): improve errors when ${{ needs... }} is used in strategy.matrix incorrectly
    • PR: handle empty dates in pagure milestone migration
    • PR: include variable values in /repos/.../actions/variables API response
    • PR: github issue migration failing for large datasets
    • PR (backported): fix: add forgejo doctor cleanup-commit-status command to recover from #10671
    • PR (backported): fix: correctly compute required commit status
    • PR (backported): fix: internal server error on a large .gitmodules
    • PR: reduce deadlocks merging PRs w/ async milestone stat recalcs
    • PR (backported): fix: display orphan branches separately in commit graph
    • PR (backported): fix: allow Actions trust management on conflicted PRs
    • PR: reduce deadlocks merging PRs by using caching for repo issue count stats
    • PR: reduce deadlocks merging PRs w/ async label stat recalcs
    • PR: possible cause of invalid issue counts; cache module doesn't guarantee concurrency safety
    • PR: prevent deadlocks updating repo.num_action_runs/num_closed_action_runs
    • PR: possible cause of invalid issue counts; cache invalidation occurs before a active transaction is committed
    • PR (backported): fix: always search for issue posters by user and full name
    • PR: garbage collect lingering actions logs
    • PR: fix(10359): Count releases correctly when using filters (q)
    • PR: fix(actions): replace hardcoded with dynamically determined workflow directory
    • PR: Allow SHA-256 in PR commit URLs
    • PR: display action run attempt status instead of job status
    • PR: Fix merge message template with empty message
    • PR: issues and pulls route permitted extra characters
    • PR: i18n: translate Actions PreExecutionError for viewer
    • PR: replace limit/offset pagination in debian SearchPackages
    • PR: stuck gitea migration due to gita api pagination bug
    • PR: replace bad pagination to cleanup branch protection rules on user delete
    • PR: replace buggy limit/offset pagination in DoctorUserStarNum
    • PR: fix(perf): add missing index on action_task table
    • PR: strict error handling on corrupted DB migration tracking tables
    • PR: OpenGraph cards for some issues show wrong timestamp
  • User Interface changes without a feature or bug label
    • PR (backported): chore(ui): cleanup PR checks area
    • PR (backported): fix(ui): avatar for dismissed review is stretched if not square
    • PR: chore(ui): cleanup reviews css, improve consistency
    • PR: Prioritize Noto Sans over Roboto and Noto Sans Hebrew over Arial
    • PR: chore(ui): a few consistency improvements for modals
    • PR: refactor(ui): re-implement icon colors but for all thin elements
    • PR: fix(ui): Don't use the subtle color for log text
  • Other changes without a feature or bug label
    • PR (backported): fix: drop sqlite shared cache
    • PR (backported): migration: update existing foreign key migrations to automatically fix inconsistencies
    • PR: refactor: migrate from lib/pq to jackc/pgx
    • PR: add foreign keys to table pull_request
    • PR: feat(ssh): use AppDomain for key verification
    • PR: false error logging "Render JSON failed" from workflow dispatch via API
  • Included for completeness but not user-facing (chores, etc.)
    • PR: fix(i18n/en): improve search syntax hints
    • PR: [skip ci] : chore(release): delete previously announced release notes
    • PR (backported): chore: correct spelling error in cleanup-commit-status CLI docs
    • PR: bug: issue/1869-gitlab-migration-references
    • PR: 2025-11-21 combined security patches
    • PR (backported): fix: make lastcommit available for non-signed-in users
    • PR: don't push LFS when using SSH authentication
    • PR: Update CodeMirror (v14.0/forgejo)
    • PR: Update module code.forgejo.org/forgejo/actions-proto to v0.6.0 (v14.0/forgejo)
    • PR: fix(api/activitypub): simplify signature requirements
    • PR: January 8th security patches
    • PR (backported): fix: prevent intermittent test failures caused by uncancellable tasks
    • PR (backported): fix: retain Forgejo Action's commit_status entries with distinct descriptions
    • PR (backported): fix: in-progress job icon doesn't rotate on repo's action list (#10656)
    • PR (backported): chore(cleanup): move all test blank imports in a single package
    • PR (backported): chore: download git-man over TLS
    • PR (backported): fix: don't duplicate commit status records on workflows with empty name
    • PR: Use receive.hideRefs
    • PR (backported): fix: build-release workflow stops its own end-to-end checks when run concurrently
    • PR: bug: signature: modify URL after error check
    • PR (backported): test: fix intermittent PostgreSQL failure in TestAdminViewRepos
    • PR (backported): fix: ListTrackedTimes API has no defined record ordering
    • PR (backported): port(gitea): Fix password leak in log messages (go-gitea/gitea!35584)
    • PR: fix(api): add stub outboxes to actors
    • PR: refactor: extract ActionJobStep from RepoActionView
    • PR: render a link to poster profile next to the ID within shadow copy details
    • PR: realign indexes on the 'action' table
    • PR: add support for ephemeral runners compatible with autoscaling tools
    • PR: Revert "feat: add support for ephemeral runners compatible with autoscaling tools (#9409)"
    • PR: New issue templates
    • PR: Update module github.com/editorconfig/editorconfig-core-go/v2 to v2.6.4 (forgejo)
    • PR: Update dependency swagger-ui-dist to v5.31.0 (forgejo)
    • PR: Update data.forgejo.org/oci/alpine Docker tag to v3.23 (forgejo)
    • PR: Update Node.js to v24.12.0 (forgejo)
    • PR: Update module google.golang.org/protobuf to v1.36.11 (forgejo)
    • PR: Update https://data.forgejo.org/actions/git-backporting action to v4.8.7 (forgejo)
    • PR: Update dependency katex to v0.16.27 (forgejo)
    • PR: Update module github.com/redis/go-redis/v9 to v9.17.2 (forgejo)
    • PR: Update dependency asciinema-player to v3.13.4 (forgejo)
    • PR: fix(user): set ActivityPub users to ProhibitLogin
    • PR: build: use interactive sqlite via nix
    • PR: chore(security): update security.txt with new expiration date
    • PR: Update github.com/go-ap/jsonld digest to e38fa66 (forgejo)
    • PR: fix(ui/buttons): implement .disabled class
    • PR: Update dependency asciinema-player to v3.13.2 (forgejo)
    • PR: Update module code.forgejo.org/forgejo/runner/v12 to v12.2.0 (forgejo)
    • PR: Update module github.com/valyala/fastjson to v1.6.7 (forgejo)
    • PR: log instrumentation & test package
    • PR: 'More actions' (⋯) dropdown from moderation reports overview page
    • PR: docs(API): Correct token summary to specify the used user.
    • PR: rename a file with typo: STMP -> SMTP
    • PR: chore(lint): Ensure consistent import aliasing for services and models
    • PR: Update module golang.org/x/crypto to v0.46.0 (forgejo)
    • PR: Update module golang.org/x/oauth2 to v0.34.0 (forgejo)
    • PR: Lock file maintenance (forgejo)
    • PR: chore(lint): Add exceptions for dbfs_model and unittest
    • PR: Update renovate to v42.39.2 (forgejo)
    • PR: fix(ui): do not wrongly highlight devtest link in navbar menu
    • PR: Update module code.forgejo.org/forgejo/runner/v12 to v12.1.2 (forgejo)
    • PR: Update dependency mermaid to v11.12.2 (forgejo)
    • PR: Update module github.com/blevesearch/bleve/v2 to v2.5.6 (forgejo)
    • PR: Update module code.forgejo.org/forgejo/runner/v12 to v12.1.1 (forgejo)
    • PR: Update dependency eslint-plugin-unicorn to v62 (forgejo)
    • PR: Update dependency @playwright/test to v1.57.0 (forgejo)
    • PR: Update dependency @vitejs/plugin-vue to v6.0.2 (forgejo)
    • PR: Update linters (forgejo)
    • PR: Update dependency vite-string-plugin to v1.4.9 (forgejo)
    • PR: Update dependency go to v1.25.5 (forgejo)
    • PR: Update dependency vue to v3.5.25 (forgejo) - autoclosed
    • PR: Update vitest monorepo to v4.0.14 (forgejo)
    • PR: Update dependency happy-dom to v20.0.11 (forgejo)
    • PR: Update github.com/google/pprof digest to 4902fdd (forgejo)
    • PR: Update renovate to v42.27.5 (forgejo)
    • PR: Update module github.com/klauspost/compress to v1.18.2 (forgejo)
    • PR: Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.6.0 (forgejo)
    • PR: Lock file maintenance (forgejo)
    • PR: path escape browse further URL
    • PR: rework notification table
    • PR: chore(lint): Remove unnecessary depguard rules
    • PR: chore(e2e): use expect().toBeCloseTo instead of Math.round
    • PR: Mention proc-receive in text for dashboard.resync_all_hooks func
    • PR: don't show ConEmu OSC escape sequences
    • PR: pagure migration: Add required headers
    • PR: less restrictive matrix room_id pattern
    • PR: prevent orgs from being added as members of orgs
    • PR: fix(api): set all hook event types
    • PR: set tag message on tag addition
    • PR: construct project links in timeline better
    • PR: Update module code.forgejo.org/forgejo/runner/v12 to v12.1.0 (forgejo)
    • PR: refactor(models/pull): Move code for manual merges into merge_manual.go
    • PR: chore: Add diagnostic log for LDAP logins that expect groups
    • PR: Update dependency webpack to v5.103.0 (forgejo)
    • PR: make sure the details page is still rendered correctly even if the poster of reported comment was deleted
    • PR: fix(api): adminDEleteQuotaRule typo
    • PR: Update module code.forgejo.org/forgejo/runner/v11 to v12 (forgejo)
    • PR: Fix typo
    • PR: chore(release-notes): Forgejo v11.0.8 [skip ci]
    • PR: chore(release-notes): Forgejo v13.0.3 [skip ci]
    • PR: Update x/tools to v0.39.0 (forgejo)
    • PR: Update go-openapi packages (forgejo)
    • PR: Update module github.com/go-ldap/ldap/v3 to v3.4.12 (forgejo)
    • PR: Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.6.2 (forgejo)
    • PR: chore(renovate): support .forgejo/renovate.json
    • PR: Update module golang.org/x/crypto to v0.45.0 (forgejo)
    • PR: chore: pin node version
    • PR: Do not clobber ~/.ssh/authorized_keys in certain tests
    • PR: typo in Actions.SkipWorkflowStrings ini tag
    • PR: test: compare file list instead of byte length in gzipped repo archive test
    • PR: Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.6 (forgejo)
    • PR: add myself to CODEOWNERS for the API
    • PR: Update renovate to v42.11.0 (forgejo)
    • PR: chore: Dead Code: DeleteIssue Notify Topic
    • PR: test: fix modules/queue tests to use TEST_REDIS_SERVER when present
    • PR: handle uppercase in oauth email autoregistration
    • PR: cache derived keys for faster keying
    • PR: Replace "All pull requests" in repo issue filter
    • PR: markup rendering panic must not abort the process
    • PR: fix(ui/releases): strech elements apart when no search bar
    • PR: fix(ui): improve Pagure migrator private issues clarity
    • PR: fix(ui): reworked file preview placement towards better HTML validity, take 2
    • PR: Update dependency go to v1.25 (forgejo)
    • PR: chore: update go target language version to v1.25.0
    • PR: allow unactivated users to send recovery mails
    • PR: chore(ci): limit LDAP service container memory usage to 500M
    • PR: chore(e2e): test flakiness in webauthn.test.e2e.ts
    • PR: test: fix 'Missing required prop' warning during RepoActionView frontend tests
    • PR: fix(ui): fix color of hovering over menu buttons in top nav bar
    • PR: 2025-10-26 Security Patches
    • PR: fix(test): improve reliability of E2E "Button text replaced by JS"
    • PR: chore: bump nixpkgs in flake.lock
    • PR: Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.6.1 (forgejo)
    • PR: chore: unify the usage of CryptoRandomString
    • PR: chore: two small refactors in git module
    • PR: workflow dispatch shouldn't include empty fields in inputs
    • PR: accept true as input in workflow_dispatch
    • PR: Update module golang.org/x/net to v0.47.0 (forgejo)
    • PR: Update go-openapi packages (forgejo)
    • PR: chore(test): cleanup NewRequest which no longer supply CSRF values
    • PR: chore: remove webkit and mobile safari from playwright
    • PR: Update Node.js to v24 (forgejo)
    • PR: make Fetch work with git < 2.41
    • PR: Update module golang.org/x/image to v0.33.0 (forgejo)
    • PR: Update NPM constraint
    • PR: Update Node.js to v24 (forgejo)
    • PR: Update module golang.org/x/crypto to v0.44.0 (forgejo)
    • PR: Update module github.com/blevesearch/bleve/v2 to v2.5.5 (forgejo)
    • PR: fix(ui): prevent JS from removing icon from close/reopen button
    • PR: branding: usage of generate
    • PR: Update renovate to v42 (forgejo) (major)
    • PR: Update module golang.org/x/sys to v0.38.0 (forgejo)
    • PR: gitea_downloader: fix typos
    • PR: chore: adjust failing E2E tests
    • PR: Update https://data.forgejo.org/actions/setup-forgejo action to v3.0.5 (forgejo)
    • PR: Update dependency clippie to v4.1.9 (forgejo)
    • PR: Update dependency sharp to v0.34.5 (forgejo)
    • PR: Update module code.forgejo.org/forgejo/runner/v11 to v11.3.1 (forgejo)
    • PR: Update dependency vue to v3.5.24 (forgejo)
    • PR: chore: simplify GetNote
    • PR: admin repo page error on NumIssues
    • PR: test: Ensure jobs.<job_id>.runs-on works with vars
    • PR: Update dependency go to v1.25.4 (forgejo)
    • PR: /api/forgejo/v1/version Content-Type error
    • PR: chore: use code.forgejo.org/forgejo/actions-proto
    • PR: Update module code.forgejo.org/forgejo/runner/v11 to v11.3.0 (forgejo)
    • PR: Update dependency vue-chartjs to v5.3.3 (forgejo)
    • PR: perf: update concurrency group query to be index-capable for status
    • PR: Use mock server for TestBreakConditions
    • PR: chore(ui): remove unused css of id create-page-form
    • PR: test: concurrent merges targeting separate branches proceed without errors
    • PR: Update dependency globals to v16.5.0 (forgejo)
    • PR: Update renovate to v41.169.1 (forgejo)
    • PR: fix(ui): remove extra helpers from statuspages
    • PR: Update module github.com/blevesearch/bleve/v2 to v2.5.4 (forgejo)
    • PR: Update dependency minimatch to v10.1.1 (forgejo)
    • PR: make edit label dialog work again
    • PR: chore(deps): upgrade xorm to remove access to unsafe BufferSize()
    • PR: update devcontainer tag to go:1.25-trixie
    • PR: chore(release-notes): Forgejo v11.0.7 [skip ci]
    • PR: chore: add release notes for backports of v11 and v13 [skip ci]
    • PR: chore(release-notes): Forgejo v13.0.2 [skip ci]
    • PR: Lock file maintenance (forgejo)
    • PR: return all pending jobs if labels parameter is absent
    • PR: migrate add/remove repositories in team to native dialog
    • PR: minor typos
    • PR: Update dependency mermaid to v11.12.1 (forgejo)
    • PR: show spinner when loading content history menu
    • PR: Update dependency htmx.org to v2.0.8 (forgejo)
    • PR: docs: don't suggest setting default cargo registry
    • PR: don't drop unexpected indexes in Forgejo startup
    • PR: Update data.forgejo.org/oci/golang Docker tag to v1.25 (forgejo)
    • PR: Update module github.com/go-swagger/go-swagger/cmd/swagger to v0.33.1 (forgejo)
    • PR: Update vitest monorepo to v4 (forgejo) (major)
    • PR: Update module github.com/urfave/cli/v3 to v3.5.0 (forgejo)
    • PR: Update module mvdan.cc/gofumpt to v0.9.2 (forgejo)
    • PR: chore: remove two Git settings
    • PR: Update dependency @axe-core/playwright to v4.11.0 (forgejo)
    • PR: Update linters (forgejo)
    • PR: Update dependency happy-dom to v20.0.8 (forgejo)
    • PR: refactor: developer-friendly database schema migration registration
    • PR: refactor: Simplify flake.nix
    • PR: fix(workflows/coverage): use correct forgejo openldap image
    • PR: suppress false-positive error log when PR is already in the automerge queue
    • PR: Update citation-js monorepo to v0.7.21 (forgejo)
    • PR: Update module github.com/klauspost/compress to v1.18.1 (forgejo)
    • PR: Lock file maintenance (forgejo)
    • PR: chore: enable email notifications on pull_request workflows
    • PR: Update renovate to v41.152.9 (forgejo)
    • PR: Update module code.forgejo.org/forgejo/runner/v11 to v11.2.0 (forgejo)
    • PR: chore(i18n): migrate download counts to json
    • PR: dont set merge-base on pull request creation
    • PR: simplify GetPullRequestFiles
    • PR: chore(release-notes): Forgejo v13.0.1
    • PR: chore(release-notes): Forgejo v13.0.0 (followup 1)
    • PR: replace Gitea -> Forgejo in app.example.ini where easily possible
    • PR: empty DBs create tables in an ungoverned order resulting in future foreign key errors
    • PR: integration tests & empty DB creation will fail as soon as forgejo_migrations accesses an existing table
    • PR: chore(release-notes): Forgejo v13.0.0
    • PR: Repo migrate API endpoint returning 200 when it crashes
    • PR: Update x/tools to v0.38.0 (forgejo)
    • PR: test: introduce TruncateBeansCascade test helper to support data cleanup of foreign-key referenced tables
    • PR: Update go-openapi packages (forgejo)
    • PR: Update https://data.forgejo.org/actions/setup-node action to v6 (forgejo)
    • PR: Update dependency happy-dom to v20 (forgejo)
    • PR: Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.4.1 (forgejo)
    • PR: Update linters (forgejo)
    • PR: Update module github.com/dsoprea/go-exif/v3 to v3.0.1 (forgejo)
    • PR: Update https://data.forgejo.org/tj-actions/changed-files action to v47 (forgejo)
    • PR: chore(e2e): address another flakey failure in webauthn.test.e2e.ts
    • PR: Update module github.com/mholt/archives to v0.1.5 (forgejo)
    • PR: chore: make renovate work on v13 forgejo
    • PR: Update dependency chart.js to v4.5.1 (forgejo)
    • PR: include non-conventional headers in payload for git signatures
    • PR: Update dependency go to v1.25.3 (forgejo)
    • PR: avoid jumping to begin of page on edit comment action
    • PR: avoid updating all columns
    • PR: Lock file maintenance (forgejo)
    • PR: chore(e2e): test flakiness in issue-comment-dropzone.test.e2e.ts
    • PR: avoid remote for codeowner's merge base
    • PR: Update dependency katex to v0.16.24 (forgejo)
    • PR: Update renovate to v41.146.0 (forgejo)
    • PR: Update dependency asciinema-player to v3.12.1 (forgejo)
    • PR: Update github.com/rhysd/actionlint (indirect) to v1.7.8 (forgejo)
    • PR: chore(e2e): disable webkit/safari in some tests
    • PR: fix(e2e): disable webkit/safari in tests where they are too falky
    • PR: Update module golang.org/x/image to v0.32.0 (forgejo)
    • PR: chore: remove branding from application run helper
    • PR: chore: remove branding from context imports
    • PR: Update module golang.org/x/net to v0.46.0 (forgejo)
    • PR: chore(ui): remove unused class .small-menu-items
    • PR: Update dependency monaco-editor-webpack-plugin to v7.1.1 (forgejo)
    • PR: Update module golang.org/x/oauth2 to v0.32.0 (forgejo)
    • PR: chore(i18n): move some plural strings to json
    • PR: Update mcr.microsoft.com/devcontainers/go Docker tag to v2 (forgejo)
    • PR: run tsc in CI
    • PR: Update module connectrpc.com/connect to v1.19.1 (forgejo) (followup)
    • PR: Update module golang.org/x/crypto to v0.43.0 (forgejo)
    • PR: Update module connectrpc.com/connect to v1.19.1 (forgejo)
    • PR: Update dependency @vitest/eslint-plugin to v1.3.16 (forgejo)
    • PR: Update linters (forgejo)
    • PR: Update module mvdan.cc/gofumpt to v0.9.1 (forgejo)
    • PR: Update https://data.forgejo.org/actions/checkout action to v5 (forgejo)
    • PR: Update registry.redict.io/redict Docker tag to v7.3.6 (forgejo)
    • PR: Update dependency happy-dom to v19 (forgejo)
    • PR: Update dependency @playwright/test to v1.56.0 (forgejo)
    • PR: Update module github.com/editorconfig-checker/editorconfig-checker/v3/cmd/editorconfig-checker to v3.4.0 (forgejo)
    • PR: Update https://data.forgejo.org/actions/setup-go action to v6 (forgejo)
    • PR: Update x/tools to v0.37.0 (forgejo)
    • PR: fix(ui/mde): fix switch height and buttons alignment
    • PR: Update dependency webpack to v5.102.1 (forgejo)
    • PR: Update module github.com/golangci/golangci-lint/v2/cmd/golangci-lint to v2.5.0 (forgejo)
    • PR: Update dependency go to v1.24.8 (forgejo)
    • PR: Update dependency asciinema-player to v3.11.1 (forgejo)
    • PR: Update dependency esbuild-loader to v4.4.0 (forgejo)
    • PR: Update renovate to v41.135.5 (forgejo)
    • PR: Lock file maintenance (forgejo)
    • PR: chore(release-notes): add chroma updates for v13, v12, v10, v8
    • PR: Update dependency katex to v0.16.23 (forgejo)
    • PR: chore: add unit test for SearchPointerBlobs
    • PR: e2e: Selective screenshots
    • PR: Update module google.golang.org/protobuf to v1.36.10 (forgejo)
    • PR: Lock file maintenance (forgejo)
    • PR: Update dependency typescript to v5.9.3 (forgejo)
    • PR: Update dependency webpack to v5.102.0 (forgejo)
    • PR: Update dependency tailwindcss to v3.4.18 (forgejo)
    • PR: Update dependency @playwright/test to v1.55.1 (forgejo)
    • PR: Update dependency @vitest/eslint-plugin to v1.3.13 (forgejo)
    • PR: chore: add npm version constraint to renovate
    • PR: chore: remove not working PREFERRED_TIMESTAMP_TENSE setting
    • PR: fix(ui): make "Token name"-input a real required-field
    • PR: Update github.com/google/pprof digest to 9e5a51a (forgejo)
    • PR: replace "Gitea" with "Forgejo" in button label
    • PR: replace the plus sign to confirm a new due date on issues with a check mark
    • PR: Update module code.forgejo.org/f3/gof3/v3 to v3.11.1 (forgejo)
    • PR: docs: add back warning as a commit status
    • PR: ensure deleted Debian package does not remain referenced in the apt repository files
    • PR: chore: release-notes-assistant: there may be three supported releases
    • PR: feat(build): add support for the base.Messenger, $.locale.Tr, Form structs to lint-locale-usage
    • PR: add vue data to createApp instead mount
    • PR: Update renovate to v41.131.9 (forgejo)
    • PR: Revert "Update module connectrpc.com/connect to v1.19.0 (forgejo) (#9425)"
    • PR: Update module connectrpc.com/connect to v1.19.0 (forgejo)
  • Already announced in the release notes of an older stable release
    • PR: reduce runtime of container cleanup by relying on mass digest cleanup
    • PR: download logs of currently displayed Action run attempt
    • PR: fix(alt): handle package names with dots in ALT repository
    • PR: pull request review comment position
    • PR: get new session from enginegroup instead of masterengine
    • PR: support git clone when /tmp has noexec
    • PR: endless redirection loop between /user/settings/change_password and /user/settings/security
    • PR: package cleaned rule fails if the keep count is too high
    • PR: db.Iterate can miss records, can return records twice
    • PR: GLOBAL_TWO_FACTOR_REQUIREMENT all prevents actions/checkout from cloning repositories
    • PR: Use scrollHeight for rendered iframe if offsetHeight is unavailable
    • PR: release email links
    • PR: fix(ui): add markup class to project descriptions