docs: Changelog for 1.27.0-rc0 (#38247)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

.github/actions/go-cache/action.yml

@@ -16,34 +16,34 @@ runs:
   using: composite
   steps:
     - if: ${{ github.workflow == 'cache-seeder' }}
-      uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
       with:
         path: ~/go/pkg/mod
         key: gomod-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
     - if: ${{ github.workflow != 'cache-seeder' }}
-      uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
+      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
       with:
         path: ~/go/pkg/mod
         key: gomod-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
         restore-keys: gomod-${{ runner.os }}-${{ runner.arch }}
     - if: ${{ github.workflow == 'cache-seeder' && inputs.lint-cache != 'true' }}
-      uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
       with:
         path: ~/.cache/go-build
         key: gobuild-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
     - if: ${{ github.workflow != 'cache-seeder' || inputs.lint-cache == 'true' }}
-      uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
+      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
       with:
         path: ~/.cache/go-build
         key: gobuild-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum') }}
         restore-keys: gobuild-${{ runner.os }}-${{ runner.arch }}
     - if: ${{ inputs.lint-cache == 'true' && github.workflow == 'cache-seeder' }}
-      uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
+      uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
       with:
         path: ~/.cache/golangci-lint
         key: golint-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum', '.golangci.yml') }}
     - if: ${{ inputs.lint-cache == 'true' && github.workflow != 'cache-seeder' }}
-      uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
+      uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
       with:
         path: ~/.cache/golangci-lint
         key: golint-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('go.sum', '.golangci.yml') }}

.github/workflows/release-nightly-snapcraft.yml

@@ -13,23 +13,21 @@ jobs:
   build-and-publish:
     runs-on: ubuntu-latest
 
+    env:
+      SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
+
     steps:
       - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
 
       - name: Install snapcraft
         run: sudo snap install snapcraft --classic
 
-      - name: Remote build
-        # remote-build runs on Launchpad and authenticates via a credentials file,
-        # not the Snap Store credentials used by upload
+      - name: Authenticate snapcraft
         shell: bash
-        env:
-          LAUNCHPAD_CREDENTIALS: ${{ secrets.LAUNCHPAD_CREDENTIALS }}
+        run: snapcraft login --with <(printf '%s' "$SNAPCRAFT_STORE_CREDENTIALS")
+
+      - name: Remote build
         run: |
-          set -euo pipefail
-          install -d -m 700 "$HOME/.local/share/snapcraft"
-          printf '%s' "$LAUNCHPAD_CREDENTIALS" > "$HOME/.local/share/snapcraft/launchpad-credentials"
-          chmod 600 "$HOME/.local/share/snapcraft/launchpad-credentials"
           snapcraft remote-build \
             --launchpad-accept-public-upload \
             --build-for=amd64,arm64,armhf
@@ -38,8 +36,6 @@ jobs:
         run: find . -maxdepth 1 -type f -name '*.snap' -print
 
       - name: Upload and release snapcraft nightly build
-        env:
-          SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
         run: |
           set -euo pipefail
 

CHANGELOG.md

@@ -4,6 +4,274 @@ This changelog goes through the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.com).
 
+## [1.27.0-rc0](https://github.com/go-gitea/gitea/releases/tag/v1.27.0-rc0) - 2026-06-28
+
+* BREAKING
+  * Feat(actions)!: improve support for reusable workflows (#37478)
+  * Use Content-Security-Policy: script nonce (#37232)
+
+* SECURITY
+  * Fix(deps): update module github.com/go-git/go-git/v5 to v5.19.1 [security] (#37786)
+  * Fix(oauth): restrict introspection to the token's client (#38042)
+  * Fix(api): don't expose private org membership via public_members (#38145)
+  * Fix(actions): deny fork-PR cross-repo access via collaborative owner (#38214)
+  * Fix(migrations): prevent path traversal in repository restore (#38215)
+
+* FEATURES
+  * Feat(actions): add workflow status badge modal (#38196)
+  * Feat(actions): support owner-level and global scoped workflows (#38154)
+  * Feat(api): support ref suffixes in compare (#38148)
+  * Feat(actions): implement `jobs.<job_id>.continue-on-error` (#38100)
+  * Feat(actions): show run status on browser tab favicon (#38071)
+  * Feat(api): add token introspection and self-deletion endpoint (#37995)
+  * Feat(api): add q parameter to list branches API for server-side filtering (#37982)
+  * Feat(repo): split repository creation limit into user and org scopes (#37872)
+  * Feat(actions): bulk delete, disable and enable runners in admin UI (#37869)
+  * Feat(actions): List workflows that were executed once but got removed from the default branch (#37835)
+  * Feat(org): add team visibility so org members can discover teams (#37680)
+  * Feat: add raw diff/patch endpoint for repository comparisons (#37632)
+  * Feat: Add avatar stacks (#37594)
+  * Feat(actions): add job summaries (GITHUB_STEP_SUMMARY) (#37500)
+  * Feat(web): Add Jupyter Notebook (.ipynb) Rendering Support (#37433)
+  * Support for Custom URI Schemes in OAuth2 Redirect URIs (#37356)
+  * Feat(orgs): Add search bar for organization members tab page (#37347)
+  * Feat(api): Add assignees APIs (#37330)
+  * Feat(api): Add GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs (#37196)
+  * Serve OpenAPI 3.0 spec at /openapi.v1.json (#37038)
+  * Add project column picker to issue and pull request sidebar (#37037)
+  * Allow multiple projects per issue and pull requests (#36784)
+  * Feat(ui): add "follow rename" to file commit history list (#34994)
+  * Feat(ssh): auto generate additional ssh keys (#33974)
+
+* ENHANCEMENTS
+  * Enhance: allow builtin default git config options to be overridden (#38172)
+  * Enhance: allow MathML core elements (#38034)
+  * Enhance(markup): improve issue title rendering (#37908)
+  * Enhance(actions): set descriptive browser tab title on run view (#37870)
+  * Enhance: Migrate remaining gopkg.in/yaml.v3 usages to go.yaml.in/yaml/v4 (#37866)
+  * Enhance(actions): show workflow name from YAML instead of filename (#37833)
+  * Feat(actions): add before/after to PR synchronize event payload (#37827)
+  * Enhance(actions): add branch filters to run list (#37826)
+  * Enhance(actions): Make Summary UI more beautiful with more infos (#37824)
+  * Feat: add copy button to action step header, improve other copy buttons (#37744)
+  * Fix(icon): use repo-forked icon to display forks count (#37731)
+  * Feat(api): add sort and order query parameters to job list endpoints (#37672)
+  * Feat(api): add last_sync to repository API (#37566)
+  * Enhance: Adjust Workflow Graph styling (#37497)
+  * Improve code editor text selection and clean up lint enablement (#37474)
+  * Add mirror auth updates to repo edit API and settings (#37468)
+  * Replace `olivere/elastic` with REST API client, add OpenSearch support (#37411)
+  * Feat: Add default PR branch update style setting (#37410)
+  * Fix inconsistent disabled styling on logged-out repo header buttons (#37406)
+  * Allow fast-forward-only merge when signed commits are required (#37335)
+  * Enhance styling in actions page (#37323)
+  * Fix: improve actions status icons and texts (#37206)
+  * Make Markdown fenced code block work with more syntaxes (#37154)
+  * Fix: Sort action run jobs by JobID and Name with matrix examples (#37046)
+  * Add API endpoint to reply to pull request review comments (#36683)
+
+* PERFORMANCE
+  * Perf(web): sort the action_run query by a repo-scoped index when possible (#38155)
+  * Perf: Various performance regression fixes (#38078)
+  * Perf: extend action `c_u` index to include `created_unix` for faster dashboard feeds (#38076)
+  * Batch-load related data in actions run, job, and task API endpoints (#37032)
+
+* BUGFIXES
+  * Fix: update npm dependencies, fix misc issues (#38257)
+  * Fix(api): respect since/until when counting commits for X-Total-Count (#38204)
+  * Fix: codemirror regressions (#38248)
+  * Fix(api): support HEAD requests on all API GET endpoints (#38245)
+  * Fix(actions): Cleanup workflow status badge code (#38241)
+  * Fix(web): Correctly align the "disabled" label on larger workflow names (#38240)
+  * Fix(actions): don't swallow HTML entities into linkified URLs (#38239)
+  * Fix(packages): accept npm "repository" and "bin" in string form (#38236)
+  * Fix(actions): fix 500 error when canceling a canceling task (#38223)
+  * Fix(deps): update module golang.org/x/image to v0.43.0 [security] (#38219)
+  * Fix(mssql): convert legacy DATETIME columns to DATETIME2 (#38216)
+  * Fix(api): deny private org member enumeration via /members (#38213)
+  * Fix(actions): ensure all waiting jobs get runners in large workflows (#38200)
+  * Fix(deps): update go dependencies (#38194)
+  * Fix(deps): update npm dependencies (#38193)
+  * Fix(cli): default must-change-password to false for bot users (#38175)
+  * Fix(actions): show run index in run view and fix summary graph height (#38165)
+  * Fix: csp (#38162)
+  * Fix(deps): update npm dependencies (#38123)
+  * Fix(mssql): expand legacy issue and comment long-text columns (#38120)
+  * Fix(packages): validate debian distribution and component names (#38116)
+  * Fix(packages): validate module version in goproxy ParsePackage (#38104)
+  * Fix(deps): update dependency esbuild to v0.28.1 [security] (#38097)
+  * Fix: git push hook post receive (#38089)
+  * Fix(ui): prevent commit status popup overflowing its row (#38081)
+  * Fix: validate gem name in rubygems parseMetadataFile (#38061)
+  * Fix: commit display name (#38057)
+  * Fix: csp regressions (#38047)
+  * Fix: api error message (#38031)
+  * Fix(deps): update npm dependencies (#38029)
+  * Fix: pgsql lint (#38022)
+  * Fix(indexer): fix assignee filters in issue search (#38021)
+  * Fix: various dropdown problems (#38020)
+  * Fix: refactor git error handling and make archive streaming handle non-existing commit id (#38007)
+  * Fix: raise git required version to 2.13 (#37996)
+  * Fix: remove "no-transfrom" from the cache-control header (#37985)
+  * Fix(deps): update module github.com/google/go-github/v87 to v88 (#37971)
+  * Fix: use committer time where ever possible as default (#37969)
+  * Fix(deps): update npm dependencies, remove nolyfill (#37968)
+  * Fix(deps): update go dependencies (#37967)
+  * Fix(pull): preserve squash message trailers and additional commit messages (#37954)
+  * Fix(deps): update module golang.org/x/image to v0.41.0 [security] (#37904)
+  * Fix: support ##[command] log prefix in action run UI (#37882)
+  * Fix(deps): update module github.com/google/go-github/v86 to v87 (#37845)
+  * Fix(deps): update npm dependencies (#37844)
+  * Fix(deps): update go dependencies (#37841)
+  * Fix(frontend): resolve Vite assets by manifest source path (#37836)
+  * Fix(locales): Replace hardcoded strings (#37788)
+  * Fix(packages): render markdown links relative to linked repo (#37676)
+  * Fix: persist mirror repository metadata (#37519)
+  * Fix cmd tests by mocking builtin paths (#37369)
+  * Add `form-fetch-action` to some forms, fix "fetch action" resp bug (#37305)
+  * Feat: execute post run cleanup when workflow is cancelled (#37275)
+  * Fix `relative-time` error and improve global error handler (#37241)
+  * Refactor flash message and remove SanitizeHTML template func (#37179)
+
+* TESTING
+  * Test: speed up two tests (#37905)
+  * Test: Fix random failure test (#37887)
+  * Test: fix flaky `issue-comment` close test (#37880)
+  * Test: enable WAL for sqlite integration tests (#37861)
+  * Test: fix flaky `TestResourceIndex` and reduce its runtime (#37847)
+  * Test: run `TestAPIRepoMigrate` offline via a local clone source (#37817)
+  * Ci: shard tests and reduce redundant work (#37618)
+  * Test(e2e): run playwright via container (#37300)
+  * Remove external service dependencies in migration tests (#36866)
+
+* BUILD
+  * Fix(actions): authenticate snapcraft before nightly remote build (#38252)
+  * Ci: cap Elasticsearch heap in db-tests (#37816)
+  * Build(snap): publish nightly version to snapcraft via actions (#37814)
+  * Ci: split pgsql shards into plain jobs, dedupe setup actions (#37802)
+  * Ci: narrow files-changed frontend filter (#37749)
+  * Ci: add `zizmor` to `lint-actions` (#37720)
+  * Chore: clean up "contrib" dir (#37690)
+  * Fix: snap build (main branch) (#37685)
+  * Ci: Also lint json5 files (#37659)
+  * Feat(editor): broaden language detection in web code editor (#37619)
+  * Build: update pnpm to v11 (#37591)
+  * Refactor(deps): migrate from `nektos/act` fork to `gitea/runner` (#37557)
+  * Refactor: lint bare `fill`/`stroke` colors, add vars for git graph color series (#37543)
+  * Update go js py dependencies (#37525)
+  * Ci: lint PR titles with commitlint (#37498)
+  * Chore: upgrade Go version in devcontainer image to 1.26 (#37374)
+  * Update GitHub Actions to latest major versions (#37313)
+  * Update go js dependencies (#37312)
+  * Fail vite build on rolldown warnings via NODE_ENV=test (#37270)
+  * Remove htmx (#37224)
+  * Replace custom Go formatter with `golangci-lint fmt` (#37194)
+  * Refactor htmx and fetch-action related code (#37186)
+  * Integrate renovate bot for all dependency updates (#37050)
+  * Build(sign): move to sigstore (#38250)
+
+* DOCS
+  * Docs: update changelog for 1.26.3 & 1.26.4 (#38178)
+  * Docs: fix duplicated word in foreachref doc comment (#38161)
+  * Docs: Clarify criteria for becoming a merger (#38113)
+  * Docs: Publish TOC Election Result 2026 (#38111)
+  * Docs: mark openapi3 as autogenerated in attributes (#37963)
+  * Docs: add development setup guide (#37960)
+
+* MISC
+  * Revert(sign): restore gpg (#38251)
+  * Refactor: replace legacy `delete-button` with `link-action` (#38143)
+  * Refactor(actions): read runner capabilities from proto field (#38068)
+  * Refactor(api): clarify APIError message usage and fix legacy lint error (#38012)
+  * Refactor: Use db.Get[] instead of db.GetEngine(ctx).Get(bean) to avoid zero value fetching wrong database record (#37977)
+  * Fix(deps): update go dependencies (#37851)
+  * Ci: Fix sync PR labels from the conventional-commit title (#37784) (#37825)
+  * Ci: tweak `files-changed`, add `free-disk-space` (#37819)
+  * Fix(deps): update module golang.org/x/crypto to v0.52.0 [security] (#37806)
+  * Test(e2e): add comment, release, star, PR and fork tests (#37800)
+  * Chore: simplify issue and pull request templates (#37799)
+  * Chore: Update giteabot to fix failure when backport (#37789)
+  * Fix(api): handle partial failures in push mirror synchronization gracefully (#37782)
+  * Fix(deps): update module gitlab.com/gitlab-org/api/client-go/v2 to v2.26.0 (#37771)
+  * Ci: split giteabot workflow (#37770)
+  * Fix(deps): update npm dependencies (#37768)
+  * Refactor(waitgroup): replace Add/Done goroutines with WaitGroup.Go (#37764)
+  * Fix(deps): update module google.golang.org/grpc to v1.81.1 (#37762)
+  * Ci: fix cache-related issues (#37761)
+  * Chore: fix tests (#37760)
+  * Fix(deps): update module github.com/google/go-github/v85 to v86 (#37754)
+  * Fix(deps): update npm dependencies (#37753)
+  * Fix(deps): update go dependencies (#37752)
+  * Chore(deps): update action dependencies (#37751)
+  * Fix(markup): wrap indented code blocks for the code-copy button (#37748)
+  * Chore(db): introduce db.Session and db.EngineMigration interfaces (#37746)
+  * Feat(web): also display PR counts in repo list (#37739)
+  * Refactor(glob): use strings.Builder for regexp compilation (#37730)
+  * Chore(doctor): remove four obsolete doctor check implementations (#37728)
+  * Refactor(org): simplify owner-team org repo creation logic (#37727)
+  * Refactor: move `workflowpattern` into `modules/actions` (#37717)
+  * Chore: clean up tests (#37715)
+  * Style: misc UI fixes (#37691)
+  * Ci: add shellcheck linter (#37682)
+  * Fix: catch and fix more lint problems (#37674)
+  * Fix(deps): update dependency mermaid to v11.15.0 [security], add e2e test (#37662)
+  * Fix(deps): update npm dependencies (#37647)
+  * Ci(renovate): update Go import paths on major bumps (#37641)
+  * Fix(deps): update go dependencies (major) (#37639)
+  * Chore(deps): update action dependencies (major) (#37638)
+  * Fix(deps): update module code.gitea.io/sdk/gitea to v0.25.0 (#37637)
+  * Fix(deps): update npm dependencies (#37636)
+  * Refactor(log): replace log.Critical with log.Error (#37624)
+  * Build(deps): bump fast-uri from 3.1.0 to 3.1.2 (#37616)
+  * Feat(oauth): Support AWS Cognito OAuth2 provider (#37607)
+  * Chore(deps): update action dependencies (#37603)
+  * Ci: allow `chore` type in PR title lint (#37575)
+  * Refactor: only reset a database table when the table's data was changed (#37573)
+  * Ci: increase renovate frequency and fix RENOVATE_ALLOWED_POST_UPGRADE_COMMANDS (#37565)
+  * Refactor: use modernc sqlite driver as default (#37562)
+  * Docs: fix 4 typos in CHANGELOG.md (#37549)
+  * Fix(deps): update go dependencies (#37541)
+  * Chore(deps): update action dependencies (#37540)
+  * Refactor pull request view (6) (#37522)
+  * Fix: redirect early CLI console logger to stderr (#37507)
+  * Refactor "flex-list" to "flex-divided-list" (#37505)
+  * Refactor compare diff/pull page (1) (#37481)
+  * Refactor pull request view (4) (#37451)
+  * Update 1.26.1 changelog in main (#37442)
+  * Refactor: use named `Permission` field in `Repository` struct instead of anonymous embedding (#37441)
+  * Refactor: serve site manifest via `/assets/site-manifest.json` endpoint (#37405)
+  * Remove IsValidExternalURL/IsAPIURL and use IsValidURL at call sites (#37364)
+  * Update `Block a user` form (#37359)
+  * Move review request functions to a standalone file (#37358)
+  * Feat(security): set X-Content-Type-Options: nosniff by default (#37354)
+  * Enable strict TypeScript, add `errorMessage` helper (#37292)
+  * Refactor frontend `tw-justify-between` layouts to `flex-left-right` (#37291)
+  * Update Nix flake (#37284)
+  * Fix Repository transferring page (#37277)
+  * Remove `SubmitEvent` polyfill (#37276)
+  * Remove dead code identified by `deadcode` tool (#37271)
+  * Upgrade go-git to v5.18.0 (#37268)
+  * Don't add useless labels which will bother changelog generation (#37267)
+  * Move heatmap to first-party code (#37262)
+  * Tests/integration: simplify code (#37249)
+  * Add pagination and search box to org teams list (#37245)
+  * Remove error returns from crypto random helpers and callers (#37240)
+  * Add `ExternalIDClaim` option for OAuth2 OIDC auth source (#37229)
+  * Refactor: simplify ParseCatFileTreeLine and catBatchParseTreeEntries (#37210)
+  * Refactor "htmx" to "fetch action" (#37208)
+  * Update go js py dependencies (#37204)
+  * Add comment for the design of "user activity time" (#37195)
+  * Remove outdated RunUser logic (#37180)
+  * Models/fixtures: add "DO NOT add more test data" comment to all yml fixture files (#37150)
+  * Update javascript dependencies (#37142)
+  * Update go dependencies (#37141)
+  * Frontport changelog of v1.26.0-rc0 (#37138)
+  * Introduce `ActionRunAttempt` to represent each execution of a run (#37119)
+  * Workflow Artifact Info Hover (#37100)
+  * Extend issue context popup beyond markdown content (#36908)
+  * Add bulk repository deletion for organizations (#36763)
+  * Feat: Add bypass allowlist for branch protection (#36514)
+
 ## [1.26.4](https://github.com/go-gitea/gitea/releases/tag/1.26.4) - 2026-06-21
 
 * SECURITY

assets/codemirror-languages.json

@@ -436,7 +436,6 @@
       "jsonl",
       "mcmeta",
       "sarif",
-      "slnlaunch",
       "tact",
       "tfstate",
       "topojson",
@@ -692,17 +691,10 @@
     "extensions": [
       "ini",
       "cnf",
-      "container",
       "dof",
       "lektorproject",
-      "mount",
-      "network",
       "prefs",
       "properties",
-      "service",
-      "socket",
-      "target",
-      "timer",
       "url",
       "conf"
     ],

options/locale/locale_ga-IE.json

@@ -3779,7 +3779,6 @@
   "actions.runs.commit": "Tiomantas",
   "actions.runs.run_details": "Sonraí Rith",
   "actions.runs.workflow_file": "Comhad sreabhadh oibre",
-  "actions.runs.workflow_file_no_permission": "Gan cead chun an comhad sreafa oibre a fheiceáil",
   "actions.runs.scheduled": "Sceidealaithe",
   "actions.runs.pushed_by": "bhrú ag",
   "actions.runs.invalid_workflow_helper": "Tá comhad cumraíochta sreabhadh oibre nebhailí. Seiceáil do chomhad cumraithe le do thoil: %s",
@@ -3836,33 +3835,7 @@
   "actions.workflow.scope_owner": "Úinéir",
   "actions.workflow.scope_global": "Domhanda",
   "actions.workflow.required": "Riachtanach",
-  "actions.workflow.scoped_required_cannot_disable": "Tá an sreabhadh oibre raonaithe seo riachtanach agus ní féidir é a dhíchumasú.",
-  "actions.scoped_workflows": "Sreafaí Oibre Raonaithe",
-  "actions.scoped_workflows.desc_org": "Cláraigh stórtha mar fhoinsí sreabhadh oibre raonta. Ritheann comhaid sreabhadh oibre faoi eolairí sreabhadh oibre raonta brainse réamhshocraithe stórtha foinse ar gach stórtha den eagraíocht seo, i gcomhthéacs an stórtha sin féin.",
-  "actions.scoped_workflows.desc_user": "Cláraigh stórtha mar fhoinsí sreabhadh oibre raonta. Ritheann comhaid sreabhadh oibre faoi eolairí sreabhadh oibre raonta brainse réamhshocraithe stórtha foinse ar gach stór atá i do sheilbh, i gcomhthéacs an stórtha sin féin.",
-  "actions.scoped_workflows.desc_global": "Cláraigh stórtha mar fhoinsí sreabhadh oibre raonta. Ritheann comhaid sreabhadh oibre faoi eolairí sreabhadh oibre raonta brainse réamhshocraithe stórtha foinse ar gach stór ar an gcás seo, i gcomhthéacs an stórtha sin féin. Ós rud é go ndéantar foinsí ar leibhéal an chás a mheas ar imeachtaí gach stórtha, is féidir le clárú na gcomhad sin forchostais a chur leis ar chásanna móra.",
-  "actions.scoped_workflows.add_help": "Chun sreafaí oibre raonta a sholáthar ó stór, cuir na comhaid sreafa oibre faoi <code>%s</code> ar a bhrainse réamhshocraithe, agus ansin cláraigh an stór mar fhoinse thíos.",
-  "actions.scoped_workflows.security_note": "Déantar ábhar sreafa oibre stórais foinse a fhorghníomhú i ngach stórais lena mbaineann sé, agus scríobhtar a scripteanna céime agus a n-aschur chuig logaí Gníomhartha an stórais sin agus is féidir le duine ar bith ar féidir leo Gníomhartha an stórais ídigh a fheiceáil iad a léamh. Dá bhrí sin, nochtar loighic a sreafa oibre trí na logaí sin nuair a chláraítear stórais phríobháidigh mar fhoinse. Ní chláraítear ach stórais a bhféadfadh a n-ábhar sreafa oibre a bheith roinnte le gach stórais ídigh. Má thagraíonn sreabhadh oibre raonaithe do shreabhadh oibre in-athúsáidte ó stórais phríobháidigh, déan cinnte gur féidir le gach stórais ídigh é a léamh, nó teipfidh ar an sreabhadh oibre ansin.",
-  "actions.scoped_workflows.source.add": "Cuir stór foinse leis",
-  "actions.scoped_workflows.source.add_success": "Stór foinse curtha leis.",
-  "actions.scoped_workflows.source.remove_success": "Baineadh an stór foinse.",
-  "actions.scoped_workflows.source.not_found": "Níor aimsíodh an stórlann.",
-  "actions.scoped_workflows.required.update_success": "Sreafaí oibre riachtanacha nuashonraithe.",
-  "actions.scoped_workflows.required.label": "Marcáil sreafaí oibre mar riachtanacha (ní féidir le stórtha sreabhadh oibre riachtanach a dhíchumasú):",
-  "actions.scoped_workflows.required.patterns": "Patrúin seiceála stádais riachtanacha",
-  "actions.scoped_workflows.required.patterns_aria": "Patrúin seiceála stádais riachtanacha do %s",
-  "actions.scoped_workflows.required.patterns_note": "i bhfeidhm ach amháin nuair a bhíonn an sreabhadh oibre ag teastáil",
-  "actions.scoped_workflows.required.patterns_hint": "Marcáil an sreabhadh oibre mar is gá chun a phatrúin seiceála stádais a chumrú.",
-  "actions.scoped_workflows.required.patterns_help": "Patrún seiceála stádais amháin (glob) in aghaidh an líne. Ní féidir iarratas tarraingthe íditheach a chumasc ach amháin nuair a bheidh stádas a mheaitseálann gach patrún rite. Cuirtear é seo i bhfeidhm ar aon bhrainse sprice a bhfuil riail chosanta aige, fiú ceann a bhfuil a sheiceálacha stádais féin díchumasaithe; ní dhéantar geataíocht ar bhrainse sprice gan aon riail chosanta.",
-  "actions.scoped_workflows.required.patterns_empty": "Teastaíonn patrún seiceála stádais amháin ar a laghad ó gach sreabhadh oibre riachtanach.",
-  "actions.scoped_workflows.required.missing_file": "níl an comhad sa bhunleagan a thuilleadh",
-  "actions.scoped_workflows.required.expected_contexts": "Seiceálacha stádais ionchais (marcáiltear seic a mheaitseálann patrún)",
-  "actions.scoped_workflows.required.no_status_contexts": "Ní phostálann an sreabhadh oibre seo aon seiceálacha stádais, mar sin má mharcálann tú é mar riachtanas, chuirfeadh sé bac ar gach iarratas tarraingthe atá á úsáid ó chumasc. Díthiceáil Riachtanach.",
-  "actions.scoped_workflows.no_files": "Ní bhfuarthas aon chomhaid sreabha oibre raonaithe ar an mbrainse réamhshocraithe.",
   "actions.workflow.run": "Rith Sreabhadh Oibre",
-  "actions.workflow.create_status_badge": "Cruthaigh suaitheantas stádais",
-  "actions.workflow.status_badge": "Suaitheantas Stádais",
-  "actions.workflow.status_badge_url": "URL suaitheantais",
   "actions.workflow.not_found": "Níor aimsíodh sreabhadh oibre '%s'.",
   "actions.workflow.run_success": "Ritheann sreabhadh oibre '%s' go rathúil.",
   "actions.workflow.from_ref": "Úsáid sreabhadh oibre ó",

options/locale/locale_ko-KR.json

@@ -1584,7 +1584,7 @@
   "repo.issues.label_archived_filter": "아카이빙된 레이블 표시",
   "repo.issues.label_archive_tooltip": "아카아빙된 레이블은 레이블로 검색할 때 기본적으로 제안 목록에서 제외됩니다.",
   "repo.issues.label_exclusive_desc": "레이블명을 <code>스코프/항목</code>으로 지정하여 다른 <code>스코프/</code> 레이블과 상호 배타적으로 만드세요.",
-  "repo.issues.label_exclusive_warning": "이슈 또는 풀 리퀘스트의 레이블을 편집할 때 충돌하는 범위지정 레이블은 모두 제거됩니다.",
+  "repo.issues.label_exclusive_warning": "이슈 또는 풀 리퀘스트의 레이블을 편집할 때 충돌하는 스코프 지정 레이블은 모두 제거됩니다.",
   "repo.issues.label_exclusive_order": "정렬 순서",
   "repo.issues.label_exclusive_order_tooltip": "같은 스코프 내의 독점 레이블은 이 숫자 순서에 따라 정렬됩니다.",
   "repo.issues.label_count": "레이블 %d개",
@@ -3820,12 +3820,7 @@
   "actions.workflow.scope_owner": "소유자",
   "actions.workflow.scope_global": "글로벌",
   "actions.workflow.required": "필수 항목",
-  "actions.workflow.scoped_required_cannot_disable": "범위지정 워크플로우가 요구되며 비활성화할 수 없습니다.",
-  "actions.scoped_workflows": "범위지정 워크플로우",
   "actions.workflow.run": "워크플로 실행",
-  "actions.workflow.create_status_badge": "상태 배지 생성",
-  "actions.workflow.status_badge": "상태 배지",
-  "actions.workflow.status_badge_url": "배지 URL",
   "actions.workflow.not_found": "워크플로 '%s'를 찾을 수 없습니다.",
   "actions.workflow.run_success": "워크플로 '%s'가 성공적으로 실행되었습니다.",
   "actions.workflow.from_ref": "다음에서 워크플로 사용",

package.json

@@ -50,7 +50,7 @@
     "esbuild": "0.28.1",
     "idiomorph": "0.7.4",
     "jquery": "4.0.0",
-    "js-yaml": "5.1.0",
+    "js-yaml": "4.2.0",
     "katex": "0.17.0",
     "mermaid": "11.15.0",
     "online-3d-viewer": "0.18.0",
@@ -81,6 +81,7 @@
     "@stylistic/stylelint-plugin": "5.2.0",
     "@types/codemirror": "5.60.17",
     "@types/jquery": "4.0.1",
+    "@types/js-yaml": "4.0.9",
     "@types/katex": "0.16.8",
     "@types/node": "25.9.4",
     "@types/pdfobject": "2.2.5",

pnpm-lock.yaml

@@ -141,8 +141,8 @@ importers:
         specifier: 4.0.0
         version: 4.0.0
       js-yaml:
-        specifier: 5.1.0
-        version: 5.1.0
+        specifier: 4.2.0
+        version: 4.2.0
       katex:
         specifier: 0.17.0
         version: 0.17.0
@@ -228,6 +228,9 @@ importers:
       '@types/jquery':
         specifier: 4.0.1
         version: 4.0.1
+      '@types/js-yaml':
+        specifier: 4.0.9
+        version: 4.0.9
       '@types/katex':
         specifier: 0.16.8
         version: 0.16.8
@@ -1310,6 +1313,9 @@ packages:
   '@types/jquery@4.0.1':
     resolution: {integrity: sha512-9a59A/tycXgYuPABcp6/3spSShn0NT2UOM4EfHvMumjYi4lJWTsK5SZWjhx3yRm9IHGCeWXdV2YfNsrWrft/CA==}
 
+  '@types/js-yaml@4.0.9':
+    resolution: {integrity: sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg==}
+
   '@types/jsdom@20.0.1':
     resolution: {integrity: sha512-d0r18sZPmMQr1eG35u12FZfhIXNrnsPU/g5wvRKCUf/tOGilKKwYMYGqh33BNR6ba+2gkHw1EUiHoN3mn7E5IQ==}
 
@@ -3062,10 +3068,6 @@ packages:
     resolution: {integrity: sha512-ePWsvanv0DWuDRsW8dnt+R4jQ31SCRCQ7hhNcPXZPsoBZiemuZNYGf7adZdqX2D86j6rvKp3RpCxVTSb8WQlOw==}
     hasBin: true
 
-  js-yaml@5.1.0:
-    resolution: {integrity: sha512-s8VA5jkR8f22S3NAXmhKPFqGUduqZGlsufabVOgN14iTdw/RXcym7bKkbwjxLK9Yw2lEvvmJjFp119+KPeo8Kg==}
-    hasBin: true
-
   jsdoc-type-pratt-parser@7.2.0:
     resolution: {integrity: sha512-dh140MMgjyg3JhJZY/+iEzW+NO5xR2gpbDFKHqotCmexElVntw7GjWjt511+C/Ef02RU5TKYrJo/Xlzk+OLaTw==}
     engines: {node: '>=20.0.0'}
@@ -5539,6 +5541,8 @@ snapshots:
 
   '@types/jquery@4.0.1': {}
 
+  '@types/js-yaml@4.0.9': {}
+
   '@types/jsdom@20.0.1':
     dependencies:
       '@types/node': 25.9.4
@@ -7534,10 +7538,6 @@ snapshots:
     dependencies:
       argparse: 2.0.1
 
-  js-yaml@5.1.0:
-    dependencies:
-      argparse: 2.0.1
-
   jsdoc-type-pratt-parser@7.2.0: {}
 
   jsdom@20.0.3:

renovate.json5

@@ -73,11 +73,7 @@
       "postUpdateOptions": ["gomodUpdateImportPaths"],
       "postUpgradeTasks": {
         "commands": ["make tidy"],
-        "fileFilters": [
-          "go.mod",
-          "go.sum",
-          "assets/go-licenses.json",
-        ],
+        "fileFilters": ["go.mod", "go.sum", "assets/go-licenses.json"],
         "executionMode": "branch",
       },
     },
@@ -99,15 +95,8 @@
       "matchManagers": ["npm"],
       "postUpdateOptions": ["pnpmDedupe"],
       "postUpgradeTasks": {
-        "commands": ["make svg", "make generate-codemirror-languages"],
-        "fileFilters": [
-          "package.json",
-          "pnpm-lock.yaml",
-          "pnpm-workspace.yaml",
-          "public/assets/img/svg/**",
-          "options/fileicon/**",
-          "assets/codemirror-languages.json",
-        ],
+        "commands": ["make svg"],
+        "fileFilters": ["package.json", "pnpm-lock.yaml", "pnpm-workspace.yaml", "public/assets/img/svg/**", "options/fileicon/**"],
         "executionMode": "branch",
       },
     },