Mirror/gitea-mirror
1
0
Fork 0
mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-04-11 13:37:44 +03:00
Code Issues Packages Projects Releases Wiki Activity
656 Commits 1 Branch 94 Tags
5ea2abff850aaaf87a6b937d78628ad37282abac
Commit Graph

16 Commits

Author SHA1 Message Date
ARUNAVO RAY
299659eca2 fix: resolve CVEs, upgrade to Astro v6, and harden API security (#227) 
* fix: resolve CVEs, upgrade to Astro v6, and harden API security

Docker image CVE fixes:
- Install git-lfs v3.7.1 from GitHub releases (Go 1.25) instead of
  Debian apt (Go 1.23.12), fixing CVE-2025-68121 and 8 other Go stdlib CVEs
- Strip build-only packages (esbuild, vite, rollup, svgo, tailwindcss)
  from production image, eliminating 9 esbuild Go stdlib CVEs

Dependency upgrades:
- Astro v5 → v6 (includes Vite 7, Zod 4)
- Remove legacy content config (src/content/config.ts)
- Update HealthResponse type for simplified health endpoint
- npm overrides for fast-xml-parser ≥5.3.6, devalue ≥5.6.2,
  node-forge ≥1.3.2, svgo ≥4.0.1, rollup ≥4.59.0

API security hardening:
- /api/auth/debug: dev-only, require auth, remove user-creation POST,
  strip trustedOrigins/databaseConfig from response
- /api/auth/check-users: return boolean hasUsers instead of exact count
- /api/cleanup/auto: require authentication, remove per-user details
- /api/health: remove OS version, memory, uptime from response
- /api/config: validate Gitea URL protocol (http/https only)
- BETTER_AUTH_SECRET: log security warning when using insecure defaults
- generateRandomString: replace Math.random() with crypto.getRandomValues()
- hashValue: add random salt and timing-safe verification

* repositories: migrate table to tanstack

* Revert "repositories: migrate table to tanstack"

This reverts commit a544b29e6d.

* fixed lock file
 2026-03-15 09:19:24 +05:30
Arunavo Ray
e41b4ffc56 auth: preserve issuer formatting for OIDC 2025-10-26 07:49:42 +05:30
Arunavo Ray
847823bbf8 sso: normalize provider config via discovery 2025-10-22 16:33:33 +05:30
Arunavo Ray
c2f6e73054 Testing Authentik SSO Issues 2025-09-07 19:09:00 +05:30
Arunavo Ray
de314cf174 Fixed Tests 2025-07-27 19:09:56 +05:30
Arunavo Ray
e637d573a2 Fixes 2025-07-27 00:25:19 +05:30
Arunavo Ray
5f45a9a03d updates 2025-07-26 22:06:29 +05:30
Arunavo Ray
0920314679 More fixes in SSO 2025-07-26 20:33:26 +05:30
Arunavo Ray
1f6add5fff Updates to SSO Testing 2025-07-26 19:45:20 +05:30
Arunavo Ray
d4aa665873 more SSO and OIDC fixes 2025-07-21 12:09:38 +05:30
Arunavo Ray
cad77320f3 Added Header Authentication 2025-07-17 16:19:56 +05:30
Arunavo Ray
f83711ecd6 Potential security fixes 2025-07-17 13:41:17 +05:30
Arunavo Ray
6cfe43932f Fixing issues with Better Auth 2025-07-11 00:00:37 +05:30
Arunavo Ray
b838310872 Added Better Auth 2025-07-10 23:15:37 +05:30
Arunavo Ray
46cf117bdf Migrate to Drizzle kit 2025-07-10 21:44:35 +05:30
Arunavo Ray
5d40023de0 🎉 Gitea Mirror: Added 2025-05-18 09:31:23 +05:30