#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.21.x
#### What this PR does / why we need it:
This PR adds `io.micrometer:context-propagation` dependency to assist with context propagation across different types of context mechanisms, such as ThreadLocal, Reactor Context, and others.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR is a regular update for Spring Boot. See https://github.com/spring-projects/spring-boot/releases/tag/v3.5.5 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.5.5
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR allows ListResult to be deserialized with JSON. So we can resolve ListResult response of APIs correctly.
#### Does this PR introduce a user-facing change?
```release-note
None
```
* Add 'hidden' field to comment and reply requests
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Add support for filtering comments with hidden
* Specify hidden=false and approved=true for anonymous users
* Set default hidden flag only if null in comments
* Add 'private reply' option to comment modals
* Add private tag for hidden comments and replies
* Allow hiding comments only
* Enhance comment visibility logic to allow owners to view hidden comments
* Remove hidden input for reply form
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Refine i18n
Signed-off-by: Ryan Wang <i@ryanc.cc>
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: John Niang <johnniang@foxmail.com>
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.21.x
#### What this PR does / why we need it:
This PR optimizes SEO tag generation with the following changes:
1. Site description and keywords settings now only apply to the homepage and are no longer inserted on other pages.
2. Added meta description tags for category archive pages, using the category description as content.
3. Improved the help text descriptions for SEO options in system settings.
#### Which issue(s) this PR fixes:
Fixes#7662
#### Does this PR introduce a user-facing change?
```release-note
优化页面的 SEO 标签的生成
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR fixes the internal check of selector converter `NotEquals`, which might lead to failing check of `metadata.name!=1`.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7666
#### Does this PR introduce a user-facing change?
```release-note
修复极端场景下无法检查文章别名是否存在的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR refactors posts query to reduce database queries significantly.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7593
Supersedes https://github.com/halo-dev/halo/pull/7644
#### Does this PR introduce a user-facing change?
```release-note
优化首页、归档页加载速度
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR fixes the problem of starting synchronizer multiple times while configuring multiple workers.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR removes unused JPA dependency to reduce application size about 14.6% off.
```bash
# Before
❯ ll application/build/libs
total 123M
-rw-r--r--. 1 johnniang johnniang 123M Jun 13 15:37 halo-2.21.0-SNAPSHOT.jar
-rw-r--r--. 1 johnniang johnniang 64 Jun 13 15:37 halo-2.21.0-SNAPSHOT.jar.sha256
```
```bash
# After
❯ ll application/build/libs
total 105M
-rw-r--r--. 1 johnniang johnniang 105M Jun 13 15:36 halo-2.21.0-SNAPSHOT.jar
-rw-r--r--. 1 johnniang johnniang 64 Jun 13 15:36 halo-2.21.0-SNAPSHOT.jar.sha256
```
#### Does this PR introduce a user-facing change?
```release-note
移除无用的依赖,软件包的体积减少近 15%
```
#### What type of PR is this?
/kind improvement
#### What this PR does / why we need it:
This PR adds UserLoginEvent and UserLogoutEvent which are shared to plugins.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7436
#### Does this PR introduce a user-facing change?
```release-note
添加用户登录/登出事件
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR bumps Spring Boot to [3.5.0](https://github.com/spring-projects/spring-boot/releases/tag/v3.5.0).
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.5.0
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR sets Java 21 as minimal version. After doing that, Halo can only run on Java 21 or newer version.
Fortunately, all plugins and themes won't be affected by the restriction.
> https://docs.gradle.org/current/userguide/toolchains.html#sec:release-flag-toolchain
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6867
#### Does this PR introduce a user-facing change?
```release-note
[Action Required] 更新最低运行环境为 Java 21
```
#### What type of PR is this?
/kind improvement
#### What this PR does / why we need it:
过期的Spring @Component API
#### Which issue(s) this PR fixes:
Fixes#7431
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR makes Argon2 password encoder as default to remove password limit of 72.
Please note that there is no compatibility issue for old passwords.
#### Which issue(s) this PR fixes:
Fixes#7405
#### Special notes for your reviewer:
1. Try to login as admin
2. Create a password having the length of 73 or more for a new user
3. See the result
#### Does this PR introduce a user-facing change?
```release-note
修复无法设置长度超过72个字符的密码的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds therapi-runtime-javadoc dependency and annotationProcessor for api and application projects. After doing that, SpringDoc will introspect Javadoc annotations and comments. See https://springdoc.org/#javadoc-support for more.
For support in plugin, just add an annotationProcessor like below:
```gradle
dependencies {
implementation platform('run.halo.tools.platform:plugin:2.20.8-SNAPSHOT')
compileOnly 'run.halo.app:api'
annotationProcessor 'com.github.therapi:therapi-runtime-javadoc-scribe:0.13.0'
}
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复 Unstructured Metadata 的 equals hashcode 排除 version,这可能是之前误操作提交的
ed50a0224d/api/src/main/java/run/halo/app/extension/Unstructured.java (L75)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors UserScopedPatHandlerImpl with PAT service to make PAT operations flexible.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adjusts the order of checking instance of ExecutorService and AutoCloseable interfaces. Because the ExecutorService extends AutoCloseable in Java 21. As a result, unit tests against the method won't be passed in Java 21.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
#### Which issue(s) this PR fixes:
Fixes#7204
#### Does this PR introduce a user-facing change?
```release-note
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
Replaces deprecated functions (`String defaultString(final String str, final String nullDefault)`) with its recommended alternatives
See 29ccc7665f/src/main/java/org/apache/commons/lang3/StringUtils.java (L1635) for more.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
自动生成摘要仅对内容变更时生效
see https://github.com/halo-dev/halo/issues/7193#issuecomment-2581699190 for more details
避免对资源造成浪费如 AI 摘要生成
#### Which issue(s) this PR fixes:
Fixes#7193
#### Does this PR introduce a user-facing change?
```release-note
自动生成摘要仅对内容发生变更时生效
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复文件类型限制能通过混合文件类型绕过检测的问题
参考:https://github.com/halo-dev/halo/security/advisories/GHSA-99mc-ch53-pqh9
#### Does this PR introduce a user-facing change?
```release-note
修复文件类型限制能通过混合文件类型绕过检测的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
#### Which issue(s) this PR fixes:
Fixes#6967
#### Does this PR introduce a user-facing change?
```release-note
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for hooking user creating. Plugin developers can define extension points of `UserPreCreatingHandler` and `UserPostCreatingHandler` to do something else.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中定义用户创建的前置和后置处理器
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复索引比较会因为全是 0 的字符串与其他字符串可能相等的问题
原因是遇到了全是 0 的字符串会因为跳过前导 0 的逻辑导致全部忽略了
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors sign up data binding using internal `bind` method in `ServerRequest` instead of binding my hand. It's more convenient and simpler.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
This PR exposes user and role services into plugins. Some authentication plugins may interact with users and users' roles.
#### Does this PR introduce a user-facing change?
```release-note
允许在插件中使用 UserService 和 RoleService
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
恢复 https://github.com/halo-dev/halo/pull/6846 中删除的 SystemSetting.AuthProvider#enabled 字段避免插件应用到了它可能会发生错误,将其标记为过时
#### Does this PR introduce a user-facing change?
```release-note
None
```
* refactor: auth provider sorting logic for better maintainability and clarity
* Refine UI
* chore: remove other auth type
* Remove other auth providers
---------
Co-authored-by: Ryan Wang <i@ryanc.cc>
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复竖向图片生成缩略图后会丢失方向信息展示为横向图片的问题
#### Which issue(s) this PR fixes:
Fixes#6802
#### Does this PR introduce a user-facing change?
```release-note
修复竖向图片生成缩略图后会丢失方向信息展示为横向图片的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR prevents caching from cache plugin for pre-auth pages and logout page.
#### Which issue(s) this PR fixes:
Fixes#6826
#### Special notes for your reviewer:
1. Install `Page Cache Plugin` from <https://www.halo.run/store/apps/app-BaamQ>.
2. Open a private browser window
3. Access login page twice
4. Try to login
5. See the result
#### Does this PR introduce a user-facing change?
```release-note
解决因缓存插件缓存登录页面导致无法登录的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
优化文件类型检测并支持根据文件名作为决策依据
#### Does this PR introduce a user-facing change?
```release-note
优化文件类型检测并支持根据文件名作为决策依据
```
#### What type of PR is this?
/kind feature
/milestone 2.20.x
/area core
#### What this PR does / why we need it:
支持用户在个人中心管理自己的附件(需要具有对应权限)
Fixes https://github.com/halo-dev/halo/issues/5278
#### Does this PR introduce a user-facing change?
```release-note
支持用户在个人中心管理自己的附件(需要具有对应权限)
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds [a Gradle plugin ](https://github.com/ben-manes/gradle-versions-plugin)to discover dependency updates.
```bash
❯ ./gradlew dependencyUpdates -Drevision=release
> Task :api:dependencyUpdates
------------------------------------------------------------
:api Project Dependency Updates (report to plain text file)
------------------------------------------------------------
The following dependencies are using the latest release version:
- com.github.ben-manes.caffeine:caffeine:3.1.8
- com.github.java-json-tools:json-patch:1.13
- com.j256.two-factor-auth:two-factor-auth:1.3
- io.asyncer:r2dbc-mysql:1.3.0
- io.github.java-diff-utils:java-diff-utils:4.12
- io.github.resilience4j:resilience4j-reactor:2.2.0
- io.github.resilience4j:resilience4j-spring-boot3:2.2.0
- io.projectreactor:reactor-test:3.7.0-M6
- io.r2dbc:r2dbc-h2:1.0.0.RELEASE
- io.seruco.encoding:base62:0.1.3
- org.apache.commons:commons-lang3:3.17.0
- org.imgscalr:imgscalr-lib:4.2
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.mariadb:r2dbc-mariadb:1.2.2
- org.openapi4j:openapi-schema-validator:1.0.7
- org.pf4j:pf4j:3.12.0
- org.postgresql:postgresql:42.7.4
- org.postgresql:r2dbc-postgresql:1.0.5.RELEASE
- org.projectlombok:lombok:1.18.30
- org.springdoc:springdoc-openapi-starter-webflux-ui:2.6.0
- org.springframework.boot:spring-boot-starter-actuator:3.4.0-M3
- org.springframework.boot:spring-boot-starter-cache:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-jpa:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-r2dbc:3.4.0-M3
- org.springframework.boot:spring-boot-starter-mail:3.4.0-M3
- org.springframework.boot:spring-boot-starter-security:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.boot:spring-boot-starter-thymeleaf:3.4.0-M3
- org.springframework.boot:spring-boot-starter-validation:3.4.0-M3
- org.springframework.boot:spring-boot-starter-webflux:3.4.0-M3
- org.springframework.integration:spring-integration-core:6.4.0-M3
- org.springframework.security:spring-security-oauth2-client:6.4.0-M4
- org.springframework.security:spring-security-oauth2-jose:6.4.0-M4
- org.springframework.security:spring-security-oauth2-resource-server:6.4.0-M4
- org.springframework.security:spring-security-test:6.4.0-M4
- org.springframework.session:spring-session-core:3.4.0-M2
- org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.2.RELEASE
The following dependencies have later release versions:
- com.google.guava:guava [32.0.1-jre -> 33.3.1-jre]
https://github.com/google/guava
- net.bytebuddy:byte-buddy [1.15.1 -> 1.15.3]
https://bytebuddy.net
- org.apache.lucene:lucene-analysis-common [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-backward-codecs [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-core [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-highlighter [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-queryparser [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.tika:tika-core [2.9.2 -> 3.0.0-BETA2]
https://tika.apache.org/
- org.jsoup:jsoup [1.15.3 -> 1.18.1]
https://jsoup.org/
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
> Task :application:dependencyUpdates
------------------------------------------------------------
:application Project Dependency Updates (report to plain text file)
------------------------------------------------------------
The following dependencies are using the latest release version:
- com.puppycrawl.tools:checkstyle:9.3
- io.projectreactor:reactor-test:3.7.0-M6
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.springframework:spring-context-indexer:6.2.0-RC1
- org.springframework.boot:spring-boot-configuration-processor:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.security:spring-security-test:6.4.0-M4
- org.webjars.npm:jsencrypt:3.3.2
- org.webjars.npm:normalize.css:8.0.1
The following dependencies have later release versions:
- org.projectlombok:lombok [1.18.30 -> 1.18.34]
https://projectlombok.org
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
For more on this, please refer to https://docs.gradle.org/8.10.2/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.
BUILD SUCCESSFUL in 1s
9 actionable tasks: 2 executed, 7 up-to-date
```
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
None
```
John Niang