Update package version to 1.35.3

| datasource      | package        | from   | to     |
| --------------- | -------------- | ------ | ------ |
| github-releases | go-gitea/gitea | 1.23.6 | 1.23.7 |

CHANGELOG.md

@@ -1696,3 +1696,67 @@
 * Build Gitea with Golang v1.23.6 to fix security bugs
 * Fix a bug caused by status webhook template #33512
 
+[1.34.3]
+* Update gitea to 1.23.4
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.4)
+* Enhance routers for the Actions variable operations (#33547) (#33553)
+* Enhance routers for the Actions runner operations (#33549) (#33555)
+* Fix project issues list and counting (#33594) #33619
+* Add a transaction to pickTask (#33543) (#33563)
+* Fix mirror bug (#33597) (#33607)
+* Use default Git timeout when checking repo health (#33593) (#33598)
+* Fix PR's target branch dropdown (#33589) (#33591)
+* Fix various problems (artifact order, api empty slice, assignee check, fuzzy prompt, mirror proxy, adopt git) (#33569) (#33577)
+* Rework suggestion backend (#33538) (#33546)
+* Fix context usage (#33554) (#33557)
+
+[1.34.4]
+* Update gitea to 1.23.5
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.5)
+* Compile with Go 1.24.1
+* Bump x/oauth2 & x/crypto (#33704) (#33727)
+* Optimize user dashboard loading (#33686) (#33708)
+* Fix navbar dropdown item align (#33782)
+* Fix inconsistent closed issue list icon (#33722) (#33728)
+* Fix for Maven Package Naming Convention Handling (#33678) (#33679)
+* Improve Open-with URL encoding (#33666) (#33680)
+* Deleting repository should unlink all related packages (#33653) (#33673)
+* Fix omitempty bug (#33663) (#33670)
+* Upgrade go-crypto from 1.1.4 to 1.1.6 (#33745) (#33754)
+* Fix OCI image.version annotation for releases to use full semver (#33698) (#33701)
+* Try to fix ACME path when renew (#33668) (#33693)
+* Fix mCaptcha bug (#33659) (#33661)
+* Git graph: don't show detached commits (#33645) (#33650)
+
+[1.35.0]
+* Base image 5
+
+[1.35.1]
+* Fix hard coded mysql hostname
+
+[1.35.2]
+* Update gitea to 1.23.6
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.6)
+* Fix LFS URL (#33840) (#33843)
+* Update jwt and redis packages (#33984) (#33987)
+* Update golang crypto and net (#33989)
+* Drop timeout for requests made to the internal hook api (#33947) (#33970)
+* Fix maven panic when no package exists (#33888) (#33889)
+* Fix markdown render (#33870) (#33875)
+* Fix auto concurrency cancellation skips commit status updates (#33764) (#33849)
+* Fix oauth2 auth (#33961) (#33962)
+
+[1.35.3]
+* Update gitea to 1.23.7
+* [Full Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.23.7)
+* Compile with Go 1.23.8
+* Add a config option to block "expensive" pages for anonymous users ([#​34024](https://github.com/go-gitea/gitea/issues/34024)) ([#​34071](https://github.com/go-gitea/gitea/issues/34071))
+* Also check default ssh-cert location for host ([#​34099](https://github.com/go-gitea/gitea/issues/34099)) ([#​34100](https://github.com/go-gitea/gitea/issues/34100)) ([#​34116](https://github.com/go-gitea/gitea/issues/34116))
+* Fix discord webhook 400 status code when description limit is exceeded ([#​34084](https://github.com/go-gitea/gitea/issues/34084)) ([#​34124](https://github.com/go-gitea/gitea/issues/34124))
+* Get changed files based on merge base when checking `pull_request` actions trigger ([#​34106](https://github.com/go-gitea/gitea/issues/34106)) ([#​34120](https://github.com/go-gitea/gitea/issues/34120))
+* Fix invalid version in RPM package path ([#​34112](https://github.com/go-gitea/gitea/issues/34112)) ([#​34115](https://github.com/go-gitea/gitea/issues/34115))
+* Return default avatar url when user id is zero rather than updating database ([#​34094](https://github.com/go-gitea/gitea/issues/34094)) ([#​34095](https://github.com/go-gitea/gitea/issues/34095))
+* Add additional ReplaceAll in pathsep to cater for different pathsep ([#​34061](https://github.com/go-gitea/gitea/issues/34061)) ([#​34070](https://github.com/go-gitea/gitea/issues/34070))
+* Try to fix check-attr bug ([#​34029](https://github.com/go-gitea/gitea/issues/34029)) ([#​34033](https://github.com/go-gitea/gitea/issues/34033))
+* Git client will follow 301 but 307 ([#​34005](https://github.com/go-gitea/gitea/issues/34005)) ([#​34010](https://github.com/go-gitea/gitea/issues/34010))
+

CloudronManifest.json

@@ -4,8 +4,8 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.34.2",
-  "upstreamVersion": "1.23.3",
+  "version": "1.35.3",
+  "upstreamVersion": "1.23.7",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,

Dockerfile

@@ -1,28 +1,27 @@
-FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
 
 RUN apt-get update && \
-    apt-get install -y openssh-server git asciidoctor pandoc && \
+    apt-get install -y openssh-server git asciidoctor pandoc pipx && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
-RUN pip3 install jupyter
+
+# pipx --global does not work, not sure why
+RUN PIPX_HOME=/opt/pipx PIPX_BIN_DIR=/usr/local/bin pipx install jupyter docutils --include-deps
 
 ADD supervisor/ /etc/supervisor/conf.d/
 
-RUN adduser --disabled-login --gecos 'Gitea' git
-# by default, git account is created as inactive which prevents login via openssh
-# https://github.com/gitlabhq/gitlabhq/issues/5304
-RUN passwd -d git
-
-RUN mkdir -p /home/git/gitea
+RUN useradd --comment "Gogs" --create-home --shell /bin/bash git
+RUN passwd -d git # by default, git account is created as inactive which prevents login via openssh. this disables password for account
 WORKDIR /home/git
 
 # for autosign feature
 ENV GNUPGHOME="/app/data/gnupg"
 
 # renovate: datasource=github-releases depName=go-gitea/gitea versioning=semver extractVersion=^v(?<version>.+)$
-ARG GITEA_VERSION=1.23.3
+ARG GITEA_VERSION=1.23.7
 
-RUN curl -L https://dl.gitea.io/gitea/${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+RUN mkdir -p /home/git/gitea && \
+    curl -L https://github.com/go-gitea/gitea/releases/download/v${GITEA_VERSION}/gitea-${GITEA_VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
 # setup config paths

sshd_config

@@ -1,80 +1,37 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
 Port 29418
-# Use these options to restrict which interfaces/protocols sshd will bind to
+
+AddressFamily any
 ListenAddress 0.0.0.0
 ListenAddress ::
-Protocol 2
-# HostKeys for protocol version 2
+
 HostKey /app/data/sshd/ssh_host_rsa_key
-HostKey /app/data/sshd/ssh_host_dsa_key
 HostKey /app/data/sshd/ssh_host_ecdsa_key
 HostKey /app/data/sshd/ssh_host_ed25519_key
 
-# Logging
-SyslogFacility AUTH
 LogLevel INFO
 
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin prohibit-password
-StrictModes yes
-
-PubkeyAuthentication yes
-#AuthorizedKeysFile	%h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM no
+# no reverse DNS lookup
 UseDNS no
+UsePAM no
+AllowAgentForwarding no
+AllowTcpForwarding no
+PrintMotd no
+PrintLastLog no
+
+LoginGraceTime 120
+StrictModes yes
+PubkeyAuthentication yes
+PermitUserEnvironment yes
+PermitRootLogin no
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PermitEmptyPasswords no
+HostbasedAuthentication no
+
+AllowUsers git
+
+Banner none
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AcceptEnv GIT_PROTOCOL LANG LC_*
+

start.sh

@@ -11,7 +11,7 @@ setup_oidc_source() {
     echo "==> Setup OIDC source"
 
     now=$(date +%s)
-    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -e \
         "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
 }
 
@@ -41,7 +41,7 @@ setup_auth() {
         setup_oidc_source
     fi
 
-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h"${CLOUDRON_MYSQL_HOST}" -P"${CLOUDRON_MYSQL_PORT}" --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
     # be careful, not to create root user for existing LDAP based installs
     if [[ "${user_count}" == "0" ]]; then
         echo "==> Setting up root user for first run"

test/package-lock.json

@@ -9,11 +9,11 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^133.0.0",
+        "chromedriver": "^135.0.0",
         "expect.js": "^0.3.1",
         "mocha": "^11.1.0",
-        "selenium-webdriver": "^4.28.1",
-        "superagent": "^10.1.1"
+        "selenium-webdriver": "^4.31.0",
+        "superagent": "^10.2.0"
       }
     },
     "node_modules/@bazel/runfiles": {
@@ -380,9 +380,9 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "133.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-133.0.0.tgz",
-      "integrity": "sha512-7arRrtD9WGSlemMLE4IOoD42OSKKyOtQP/Z0x/WB5jYSaCzcI95j67EK0wQ2w1y5IjSJnYvnmXOJM6Nla4OG2w==",
+      "version": "135.0.0",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-135.0.0.tgz",
+      "integrity": "sha512-ilE3cIrIieiRU/a6MNpt0CL0UZs2tu0lQAes+el5SV03MB1zYIEXy+dDeueid/g8AmT1loy7TB2fjWwcHLY8lg==",
       "hasInstallScript": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -1654,9 +1654,9 @@
       ]
     },
     "node_modules/selenium-webdriver": {
-      "version": "4.28.1",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.28.1.tgz",
-      "integrity": "sha512-TwbTpu/NUQkorBODGAkGowJ8sar63bvqi66/tjqhS05rBl34HkVp8DoRg1cOv2iSnNonVSbkxazS3wjbc+NRtg==",
+      "version": "4.31.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.31.0.tgz",
+      "integrity": "sha512-0MWEwypM0+c1NnZ87UEMxZdwphKoaK2UJ2qXzKWrJiM0gazFjgNVimxlHTOO90G2cOhphZqwpqSCJy62NTEzyA==",
       "funding": [
         {
           "type": "github",
@@ -1883,9 +1883,9 @@
       }
     },
     "node_modules/superagent": {
-      "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-10.1.1.tgz",
-      "integrity": "sha512-9pIwrHrOj3uAnqg9gDlW7EA2xv+N5au/dSM0kM22HTqmUu8jBxNT+8uA7tA3UoCnmiqzpSbu8rasIUZvbyamMQ==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-10.2.0.tgz",
+      "integrity": "sha512-IKeoGox6oG9zyDeizaezkJ2/aK0wc5la9st7WsAKyrAkfJ56W3whVbVtF68k6wuc87/y9T85NyON5FLz7Mrzzw==",
       "license": "MIT",
       "dependencies": {
         "component-emitter": "^1.3.0",
@@ -2385,9 +2385,9 @@
       }
     },
     "chromedriver": {
-      "version": "133.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-133.0.0.tgz",
-      "integrity": "sha512-7arRrtD9WGSlemMLE4IOoD42OSKKyOtQP/Z0x/WB5jYSaCzcI95j67EK0wQ2w1y5IjSJnYvnmXOJM6Nla4OG2w==",
+      "version": "135.0.0",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-135.0.0.tgz",
+      "integrity": "sha512-ilE3cIrIieiRU/a6MNpt0CL0UZs2tu0lQAes+el5SV03MB1zYIEXy+dDeueid/g8AmT1loy7TB2fjWwcHLY8lg==",
       "requires": {
         "@testim/chrome-version": "^1.1.4",
         "axios": "^1.7.4",
@@ -3269,9 +3269,9 @@
       "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
     },
     "selenium-webdriver": {
-      "version": "4.28.1",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.28.1.tgz",
-      "integrity": "sha512-TwbTpu/NUQkorBODGAkGowJ8sar63bvqi66/tjqhS05rBl34HkVp8DoRg1cOv2iSnNonVSbkxazS3wjbc+NRtg==",
+      "version": "4.31.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.31.0.tgz",
+      "integrity": "sha512-0MWEwypM0+c1NnZ87UEMxZdwphKoaK2UJ2qXzKWrJiM0gazFjgNVimxlHTOO90G2cOhphZqwpqSCJy62NTEzyA==",
       "requires": {
         "@bazel/runfiles": "^6.3.1",
         "jszip": "^3.10.1",
@@ -3426,9 +3426,9 @@
       "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig=="
     },
     "superagent": {
-      "version": "10.1.1",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-10.1.1.tgz",
-      "integrity": "sha512-9pIwrHrOj3uAnqg9gDlW7EA2xv+N5au/dSM0kM22HTqmUu8jBxNT+8uA7tA3UoCnmiqzpSbu8rasIUZvbyamMQ==",
+      "version": "10.2.0",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-10.2.0.tgz",
+      "integrity": "sha512-IKeoGox6oG9zyDeizaezkJ2/aK0wc5la9st7WsAKyrAkfJ56W3whVbVtF68k6wuc87/y9T85NyON5FLz7Mrzzw==",
       "requires": {
         "component-emitter": "^1.3.0",
         "cookiejar": "^2.1.4",

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^133.0.0",
+    "chromedriver": "^135.0.0",
     "expect.js": "^0.3.1",
     "mocha": "^11.1.0",
-    "selenium-webdriver": "^4.28.1",
-    "superagent": "^10.1.1"
+    "selenium-webdriver": "^4.31.0",
+    "superagent": "^10.2.0"
   }
 }