Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  Bump minimist from 1.2.5 to 1.2.6 (go-gitea#19194)
  Changelog for 1.16.5 (go-gitea#19189) (go-gitea#19192)
  Fix showing issues in your repositories (go-gitea#18916)
  Update issue_no_dependencies description (go-gitea#19112)
  Prevent redirect to Host (2) (go-gitea#19175)
  Prevent start panic due to missing DotEscape function
  Fix compare link in active feeds for new branch (go-gitea#19149)
  Redirect .wiki/* ui link to /wiki (go-gitea#18831)
  Try to prevent autolinking of displaynames by email readers (go-gitea#19169)
  Update HTTP status codes to modern codes (go-gitea#18063)

Author: zjjhot

CHANGELOG.md

@@ -4,6 +4,37 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/v1.16.5) - 2022-03-23
+
+* BREAKING
+  * Bump to build with go1.18 (#19120 et al) (#19127)
+* SECURITY
+  * Prevent redirect to Host (2) (#19175) (#19186)
+  * Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
+  * Clean paths when looking in Storage (#19124) (#19179)
+  * Do not send notification emails to inactive users (#19131) (#19139)
+  * Do not send activation email if manual confirm is set (#19119) (#19122)
+* ENHANCEMENTS
+  * Use the new/choose link for New Issue on project page (#19172) (#19176)
+* BUGFIXES
+  * Fix showing issues in your repositories (#18916) (#19191)
+  * Fix compare link in active feeds for new branch (#19149) (#19185)
+  * Redirect .wiki/* ui link to /wiki (#18831) (#19184)
+  * Ensure deploy keys with write access can push (#19010) (#19182)
+  * Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177)
+  * Cleanup protected branches when deleting users & teams (#19158) (#19174)
+  * Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160)
+  * Fix NPE /repos/issues/search when not signed in (#19154) (#19155)
+  * Use custom favicon when viewing static files if it exists (#19130) (#19152)
+  * Fix the editor height in review box (#19003) (#19147)
+  * Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)
+  * Fix wrong scopes caused by empty scope input (#19029) (#19145)
+  * Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)
+  * Handle email address not exist (#19089) (#19121)
+* MISC
+  * Update json-iterator to allow compilation with go1.18 (#18644) (#19100)
+  * Update golang.org/x/crypto (#19097) (#19098)
+
 ## [1.16.4](https://github.com/go-gitea/gitea/releases/tag/v1.16.4) - 2022-03-14
 
 * SECURITY

cmd/web_acme.go

@@ -128,5 +128,5 @@ func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
 	// URI always contains a leading slash, which would result in a double
 	// slash
 	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
-	http.Redirect(w, r, target, http.StatusFound)
+	http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 }

docs/config.yaml

@@ -18,7 +18,7 @@ params:
   description: Git with a cup of tea
   author: The Gitea Authors
   website: https://docs.gitea.io
-  version: 1.16.4
+  version: 1.16.5
   minGoVersion: 1.17
   goVersion: 1.18
   minNodeVersion: 12.17

integrations/admin_user_test.go

@@ -46,7 +46,7 @@ func TestAdminEditUser(t *testing.T) {
 }
 
 func testSuccessfullEdit(t *testing.T, formData user_model.User) {
-	makeRequest(t, formData, http.StatusFound)
+	makeRequest(t, formData, http.StatusSeeOther)
 }
 
 func makeRequest(t *testing.T, formData user_model.User, headerCode int) {

integrations/api_branch_test.go

@@ -37,7 +37,7 @@ func testAPIGetBranchProtection(t *testing.T, branchName string, expectedHTTPSta
 	req := NewRequestf(t, "GET", "/api/v1/repos/user2/repo1/branch_protections/%s?token=%s", branchName, token)
 	resp := session.MakeRequest(t, req, expectedHTTPStatus)
 
-	if resp.Code == 200 {
+	if resp.Code == http.StatusOK {
 		var branchProtection api.BranchProtection
 		DecodeJSON(t, resp, &branchProtection)
 		assert.EqualValues(t, branchName, branchProtection.BranchName)
@@ -52,7 +52,7 @@ func testAPICreateBranchProtection(t *testing.T, branchName string, expectedHTTP
 	})
 	resp := session.MakeRequest(t, req, expectedHTTPStatus)
 
-	if resp.Code == 201 {
+	if resp.Code == http.StatusCreated {
 		var branchProtection api.BranchProtection
 		DecodeJSON(t, resp, &branchProtection)
 		assert.EqualValues(t, branchName, branchProtection.BranchName)
@@ -65,7 +65,7 @@ func testAPIEditBranchProtection(t *testing.T, branchName string, body *api.Bran
 	req := NewRequestWithJSON(t, "PATCH", "/api/v1/repos/user2/repo1/branch_protections/"+branchName+"?token="+token, body)
 	resp := session.MakeRequest(t, req, expectedHTTPStatus)
 
-	if resp.Code == 200 {
+	if resp.Code == http.StatusOK {
 		var branchProtection api.BranchProtection
 		DecodeJSON(t, resp, &branchProtection)
 		assert.EqualValues(t, branchName, branchProtection.BranchName)

integrations/api_helper_for_declarative_test.go

@@ -227,7 +227,7 @@ func doAPICreatePullRequest(ctx APITestContext, owner, repo, baseBranch, headBra
 			Title: fmt.Sprintf("create a pr from %s to %s", headBranch, baseBranch),
 		})
 
-		expected := 201
+		expected := http.StatusCreated
 		if ctx.ExpectedCode != 0 {
 			expected = ctx.ExpectedCode
 		}
@@ -246,7 +246,7 @@ func doAPIGetPullRequest(ctx APITestContext, owner, repo string, index int64) fu
 			owner, repo, index, ctx.Token)
 		req := NewRequest(t, http.MethodGet, urlStr)
 
-		expected := 200
+		expected := http.StatusOK
 		if ctx.ExpectedCode != 0 {
 			expected = ctx.ExpectedCode
 		}
@@ -287,7 +287,7 @@ func doAPIMergePullRequest(ctx APITestContext, owner, repo string, index int64)
 
 		expected := ctx.ExpectedCode
 		if expected == 0 {
-			expected = 200
+			expected = http.StatusOK
 		}
 
 		if !assert.EqualValues(t, expected, resp.Code,
@@ -310,7 +310,7 @@ func doAPIManuallyMergePullRequest(ctx APITestContext, owner, repo, commitID str
 			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
 			return
 		}
-		ctx.Session.MakeRequest(t, req, 200)
+		ctx.Session.MakeRequest(t, req, http.StatusOK)
 	}
 }
 

integrations/api_pull_test.go

@@ -77,7 +77,7 @@ func TestAPICreatePullSuccess(t *testing.T) {
 		Base:  "master",
 		Title: "create a failure pr",
 	})
-	session.MakeRequest(t, req, 201)
+	session.MakeRequest(t, req, http.StatusCreated)
 	session.MakeRequest(t, req, http.StatusUnprocessableEntity) // second request should fail
 }
 
@@ -105,7 +105,7 @@ func TestAPICreatePullWithFieldsSuccess(t *testing.T) {
 
 	req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls?token=%s", owner10.Name, repo10.Name, token), opts)
 
-	res := session.MakeRequest(t, req, 201)
+	res := session.MakeRequest(t, req, http.StatusCreated)
 	pull := new(api.PullRequest)
 	DecodeJSON(t, res, pull)
 
@@ -165,20 +165,20 @@ func TestAPIEditPull(t *testing.T) {
 		Title: "create a success pr",
 	})
 	pull := new(api.PullRequest)
-	resp := session.MakeRequest(t, req, 201)
+	resp := session.MakeRequest(t, req, http.StatusCreated)
 	DecodeJSON(t, resp, pull)
 	assert.EqualValues(t, "master", pull.Base.Name)
 
 	req = NewRequestWithJSON(t, http.MethodPatch, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d?token=%s", owner10.Name, repo10.Name, pull.Index, token), &api.EditPullRequestOption{
 		Base:  "feature/1",
 		Title: "edit a this pr",
 	})
-	resp = session.MakeRequest(t, req, 201)
+	resp = session.MakeRequest(t, req, http.StatusCreated)
 	DecodeJSON(t, resp, pull)
 	assert.EqualValues(t, "feature/1", pull.Base.Name)
 
 	req = NewRequestWithJSON(t, http.MethodPatch, fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d?token=%s", owner10.Name, repo10.Name, pull.Index, token), &api.EditPullRequestOption{
 		Base: "not-exist",
 	})
-	session.MakeRequest(t, req, 404)
+	session.MakeRequest(t, req, http.StatusNotFound)
 }

integrations/api_repo_languages_test.go

@@ -33,7 +33,7 @@ func TestRepoLanguages(t *testing.T) {
 			"content":       "package main",
 			"commit_choice": "direct",
 		})
-		session.MakeRequest(t, req, http.StatusFound)
+		session.MakeRequest(t, req, http.StatusSeeOther)
 
 		// let gitea calculate language stats
 		time.Sleep(time.Second)

integrations/attachment_test.go

@@ -59,7 +59,7 @@ func createAttachment(t *testing.T, session *TestSession, repoURL, filename stri
 func TestCreateAnonymousAttachment(t *testing.T) {
 	defer prepareTestEnv(t)()
 	session := emptyTestSession(t)
-	createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusFound)
+	createAttachment(t, session, "user2/repo1", "image.png", generateImg(), http.StatusSeeOther)
 }
 
 func TestCreateIssueAttachment(t *testing.T) {
@@ -83,7 +83,7 @@ func TestCreateIssueAttachment(t *testing.T) {
 	}
 
 	req = NewRequestWithValues(t, "POST", link, postData)
-	resp = session.MakeRequest(t, req, http.StatusFound)
+	resp = session.MakeRequest(t, req, http.StatusSeeOther)
 	test.RedirectURL(resp) // check that redirect URL exists
 
 	// Validate that attachment is available

integrations/auth_ldap_test.go

@@ -135,7 +135,7 @@ func addAuthSourceLDAP(t *testing.T, sshKeyAttribute string, groupMapParams ...s
 		"group_team_map_removal":   groupTeamMapRemoval,
 		"user_uid":                 "DN",
 	})
-	session.MakeRequest(t, req, http.StatusFound)
+	session.MakeRequest(t, req, http.StatusSeeOther)
 }
 
 func TestLDAPUserSignin(t *testing.T) {
@@ -202,7 +202,7 @@ func TestLDAPAuthChange(t *testing.T) {
 		"is_sync_enabled":          "on",
 		"is_active":                "on",
 	})
-	session.MakeRequest(t, req, http.StatusFound)
+	session.MakeRequest(t, req, http.StatusSeeOther)
 
 	req = NewRequest(t, "GET", href)
 	resp = session.MakeRequest(t, req, http.StatusOK)