gitea-mirror

Mirror/gitea-mirror

Fork 0

mirror of https://github.com/RayLabsHQ/gitea-mirror.git synced 2026-03-26 23:57:58 +03:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
ARUNAVO RAY	299659eca2	fix: resolve CVEs, upgrade to Astro v6, and harden API security (#227 ) * fix: resolve CVEs, upgrade to Astro v6, and harden API security Docker image CVE fixes: - Install git-lfs v3.7.1 from GitHub releases (Go 1.25) instead of Debian apt (Go 1.23.12), fixing CVE-2025-68121 and 8 other Go stdlib CVEs - Strip build-only packages (esbuild, vite, rollup, svgo, tailwindcss) from production image, eliminating 9 esbuild Go stdlib CVEs Dependency upgrades: - Astro v5 → v6 (includes Vite 7, Zod 4) - Remove legacy content config (src/content/config.ts) - Update HealthResponse type for simplified health endpoint - npm overrides for fast-xml-parser ≥5.3.6, devalue ≥5.6.2, node-forge ≥1.3.2, svgo ≥4.0.1, rollup ≥4.59.0 API security hardening: - /api/auth/debug: dev-only, require auth, remove user-creation POST, strip trustedOrigins/databaseConfig from response - /api/auth/check-users: return boolean hasUsers instead of exact count - /api/cleanup/auto: require authentication, remove per-user details - /api/health: remove OS version, memory, uptime from response - /api/config: validate Gitea URL protocol (http/https only) - BETTER_AUTH_SECRET: log security warning when using insecure defaults - generateRandomString: replace Math.random() with crypto.getRandomValues() - hashValue: add random salt and timing-safe verification * repositories: migrate table to tanstack * Revert "repositories: migrate table to tanstack" This reverts commit `a544b29e6d`. * fixed lock file	2026-03-15 09:19:24 +05:30
Arunavo Ray	0d60c2fdf1	feat: implement createSecureErrorResponse for consistent error handling across API routes	2025-06-12 09:50:43 +05:30
Arunavo Ray	47e1c7b493	feat: Implement automatic database cleanup feature with configuration options and API support	2025-05-24 18:33:59 +05:30

ARUNAVO RAY

299659eca2

fix: resolve CVEs, upgrade to Astro v6, and harden API security (#227 )

* fix: resolve CVEs, upgrade to Astro v6, and harden API security

Docker image CVE fixes:
- Install git-lfs v3.7.1 from GitHub releases (Go 1.25) instead of
  Debian apt (Go 1.23.12), fixing CVE-2025-68121 and 8 other Go stdlib CVEs
- Strip build-only packages (esbuild, vite, rollup, svgo, tailwindcss)
  from production image, eliminating 9 esbuild Go stdlib CVEs

Dependency upgrades:
- Astro v5 → v6 (includes Vite 7, Zod 4)
- Remove legacy content config (src/content/config.ts)
- Update HealthResponse type for simplified health endpoint
- npm overrides for fast-xml-parser ≥5.3.6, devalue ≥5.6.2,
  node-forge ≥1.3.2, svgo ≥4.0.1, rollup ≥4.59.0

API security hardening:
- /api/auth/debug: dev-only, require auth, remove user-creation POST,
  strip trustedOrigins/databaseConfig from response
- /api/auth/check-users: return boolean hasUsers instead of exact count
- /api/cleanup/auto: require authentication, remove per-user details
- /api/health: remove OS version, memory, uptime from response
- /api/config: validate Gitea URL protocol (http/https only)
- BETTER_AUTH_SECRET: log security warning when using insecure defaults
- generateRandomString: replace Math.random() with crypto.getRandomValues()
- hashValue: add random salt and timing-safe verification

* repositories: migrate table to tanstack

* Revert "repositories: migrate table to tanstack"

This reverts commit a544b29e6d.

* fixed lock file

2026-03-15 09:19:24 +05:30

Arunavo Ray

0d60c2fdf1

feat: implement createSecureErrorResponse for consistent error handling across API routes

2025-06-12 09:50:43 +05:30

Arunavo Ray

47e1c7b493

feat: Implement automatic database cleanup feature with configuration options and API support

2025-05-24 18:33:59 +05:30

3 Commits